Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-34986 (GCVE-0-2026-34986)
Vulnerability from cvelistv5 – Published: 2026-04-06 16:22 – Updated: 2026-06-30 12:05
VLAI
EPSS
Title
Go JOSE affect by a panic in JWE decryption
Summary
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
110 references
Impacted products
103 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T14:21:42.477191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:21:54.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:cryostat:4::el9"
],
"defaultStatus": "affected",
"product": "Cryostat 4 on RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"
],
"defaultStatus": "affected",
"product": "Custom Metric Autoscaler 2.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.0::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.3::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.3.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.4::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.4.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.5::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.5.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.6::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.6.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.5::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.22::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.22",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.18::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3.9.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el8"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el8"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:assisted_installer:2"
],
"defaultStatus": "affected",
"product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1"
],
"defaultStatus": "affected",
"product": "cert-manager Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:kernel_module_management:2"
],
"defaultStatus": "affected",
"product": "Kernel Module Management Operator for Red Hat Openshift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Virtualization",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "affected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:0"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_cluster_manager_cli:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Cluster Manager CLI",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_service_on_aws:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift on AWS",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_security_profiles_operator:1"
],
"defaultStatus": "affected",
"product": "Security Profiles Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "unaffected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lvms:4"
],
"defaultStatus": "unaffected",
"product": "Logical Volume Manager Storage",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "unaffected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "unaffected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_power_monitoring"
],
"defaultStatus": "unaffected",
"product": "Power monitoring for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:kueue_operator:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Build of Kueue",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:windows_machine_config"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift for Windows Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1"
],
"defaultStatus": "unaffected",
"product": "Zero Trust Workload Identity Manager",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-06T16:22:45.353Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:05:51.082Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"name": "RHBZ#2455470",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34986.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17789"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20569"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19719"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27856"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17040"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16696"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22937"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19135"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25252"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25248"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25250"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:32991"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19721"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20607"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19720"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26054"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17287"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20609"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10135"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19186"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23228"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19353"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19173"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26636"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26585"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29854"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13829"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11070"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11217"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13791"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17598"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27001"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17448"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27004"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27063"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21703"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25194"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25187"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21709"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23241"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27044"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20034"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17474"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25206"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10175"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20946"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21932"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11688"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9448"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8490"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9453"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8491"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8493"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9388"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17550"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17547"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12279"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12277"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10130"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24475"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24482"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24479"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24477"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24471"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12116"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19099"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19108"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28198"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17459"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17458"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11512"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17123"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22258"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17121"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22260"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30650"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18584"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18585"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:17789: Cryostat 4 on RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:20569: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:27856: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:17040: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:16696: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19017: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:25252: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:25248: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:25250: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:32991: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:20607: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:26054: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:17287: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:20609: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:10135: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19186: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19173: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:26636: Custom Metric Autoscaler 2.19"
},
{
"lang": "en",
"value": "RHSA-2026:26585: Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"lang": "en",
"value": "RHSA-2026:22423: Multicluster Global Hub 1.3.4"
},
{
"lang": "en",
"value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
},
{
"lang": "en",
"value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
},
{
"lang": "en",
"value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
},
{
"lang": "en",
"value": "RHSA-2026:29854: OpenShift API for Data Protection 1.4"
},
{
"lang": "en",
"value": "RHSA-2026:26568: OpenShift API for Data Protection 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"lang": "en",
"value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:11070: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:11217: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:27001: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:17448: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:27004: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:21703: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:25194: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:25187: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:21709: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:23241: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:27044: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:20034: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:25206: Red Hat OpenShift Container Platform 4.22"
},
{
"lang": "en",
"value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:20946: Red Hat OpenShift GitOps 1.18"
},
{
"lang": "en",
"value": "RHSA-2026:24484: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:21932: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:11688: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:9448: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:8490: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:9453: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:8491: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:8493: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:9388: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:17550: Red Hat Openshift Data Foundation 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:17547: Red Hat Openshift Data Foundation 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:12279: Red Hat Openshift Data Foundation 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:12277: Red Hat Openshift Data Foundation 4.2"
},
{
"lang": "en",
"value": "RHSA-2026:11856: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:22629: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:11916: Red Hat Quay 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:11996: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:10130: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:24475: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:24482: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:24479: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:24477: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:24471: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:12116: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:19099: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:19108: multicluster engine for Kubernetes 2.11"
},
{
"lang": "en",
"value": "RHSA-2026:28198: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:17459: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:17458: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:11512: multicluster engine for Kubernetes 2.7"
},
{
"lang": "en",
"value": "RHSA-2026:17123: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:22258: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:17121: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:22260: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:18584: multicluster engine for Kubernetes 2.9"
},
{
"lang": "en",
"value": "RHSA-2026:18585: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-06T17:01:34.639Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-06T16:22:45.353Z",
"value": "Made public."
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "go-jose",
"vendor": "go-jose",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.4"
},
{
"status": "affected",
"version": "\u003c 3.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:22:45.353Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"name": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"tags": [
"x_refsource_MISC"
],
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"source": {
"advisory": "GHSA-78h2-9frx-2jm8",
"discovery": "UNKNOWN"
},
"title": "Go JOSE affect by a panic in JWE decryption"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34986",
"datePublished": "2026-04-06T16:22:45.353Z",
"dateReserved": "2026-03-31T19:38:31.617Z",
"dateUpdated": "2026-06-30T12:05:51.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-34986",
"date": "2026-06-29",
"epss": "0.00283",
"percentile": "0.19979"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-34986\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-06T17:17:11.870\",\"lastModified\":\"2026-06-30T03:19:00.233\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"go-jose\",\"product\":\"go-jose\",\"versions\":[{\"version\":\"\u003e= 4.0.0, \u003c 4.1.4\",\"status\":\"affected\"},{\"version\":\"\u003c 3.0.5\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4 on RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Custom Metric Autoscaler 2.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.3.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.4.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.5.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.6.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.8::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI 2.25\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai:2.25::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.20\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.20::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.21\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.21::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.22\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.22::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.27\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.27::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps 1.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1.18::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Pipelines 1.21\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1.21::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Pipelines 1.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1.20::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift distributed tracing 3.9.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4.20::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.12\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.12::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.14::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.15::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.10::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.7::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.8::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Assisted Installer for Red Hat OpenShift Container Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:assisted_installer:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"cert-manager Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cert_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Kernel Module Management Operator for Red Hat Openshift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:kernel_module_management:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhmt:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Virtualization\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:migration_toolkit_virtualization:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Developer Tools and Services\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ocp_tools\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_lightspeed\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Build of Podman Desktop\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:podman_desktop:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Build of Podman Desktop - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:podman_desktop:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Connectivity Link 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:connectivity_link:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Cluster Manager CLI\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift on AWS\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_service_on_aws:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Security Profiles Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_security_profiles_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"External Secrets Operator for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:external_secrets_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logical Volume Manager Storage\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:lvms:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Network Observability Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:network_observ_optr:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Node HealthCheck Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_nhc:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Power monitoring for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_power_monitoring\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Build of Kueue\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:kueue_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift for Windows Containers\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:windows_machine_config\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 18.0\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openstack:18.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-07T14:21:42.477191Z\",\"id\":\"CVE-2026-34986\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-248\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-131\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.5\",\"matchCriteriaId\":\"C8F16FC9-40BA-4C17-9ABD-614143E86BFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"DC2FEC8C-1ECF-40EA-A074-86B4C7688B60\"}]}]}],\"references\":[{\"url\":\"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Technical Description\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10125\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10130\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10135\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10175\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11070\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11217\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11512\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11688\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11856\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11916\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11996\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12116\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12277\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12279\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13791\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13829\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16696\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17040\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17121\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17123\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17287\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17448\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17458\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17459\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17468\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17474\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17547\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17550\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17598\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17789\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18584\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18585\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19017\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19099\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19108\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19135\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19173\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19186\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19353\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19375\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19712\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19719\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19720\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19721\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20034\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20041\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20569\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20607\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20609\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20946\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21017\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21703\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21709\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21769\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21931\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21932\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22258\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22260\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22347\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22423\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22450\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22465\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22629\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22714\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22840\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22937\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23228\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23241\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23345\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23361\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24471\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24475\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24477\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24479\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24482\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24484\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24853\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24977\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25127\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25187\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25194\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25206\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25248\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25250\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25252\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26054\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26568\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26585\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26636\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27001\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27004\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27044\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27063\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27856\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28198\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29854\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30650\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:32991\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8490\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8491\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8493\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9385\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9388\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9448\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9453\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-34986\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2455470\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34986.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-34986\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-07T14:21:42.477191Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-07T14:21:49.130Z\"}}], \"cna\": {\"title\": \"Go JOSE affect by a panic in JWE decryption\", \"source\": {\"advisory\": \"GHSA-78h2-9frx-2jm8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"go-jose\", \"product\": \"go-jose\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.0.0, \u003c 4.1.4\"}, {\"status\": \"affected\", \"version\": \"\u003c 3.0.5\"}]}], \"references\": [{\"url\": \"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\", \"name\": \"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants\", \"name\": \"https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-248\", \"description\": \"CWE-248: Uncaught Exception\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-06T16:22:45.353Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-34986\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-07T14:21:54.041Z\", \"dateReserved\": \"2026-03-31T19:38:31.617Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-06T16:22:45.353Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:21769
Vulnerability from csaf_redhat - Published: 2026-05-28 20:39 - Updated: 2026-06-30 12:53Summary
Red Hat Security Advisory: Multicluster Global Hub 1.5.4 security update
Severity
Important
Notes
Topic: Multicluster Global Hub v1.5.4 general availability release images, which provide security fixes, bug fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details: Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
No description is available for this CVE.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the 'leafnode' configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Moderate
A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.>` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Moderate
A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon's privilege comparison logic, the system may incorrectly accept a plugin's requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.
8.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system's integrity and confidentiality.
8.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a '<' character not followed by a '>' character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Moderate
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
References
248 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.5.4 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:21769",
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21728",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27889",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29785",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32285",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33215",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33216",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33217",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33218",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33219",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33247",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33413",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33487",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33813",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33997",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34040",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40890",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41602",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41603",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41604",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41605",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41606",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41607",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41636",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43869",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21769.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.5.4 security update",
"tracking": {
"current_release_date": "2026-06-30T12:53:56+00:00",
"generator": {
"date": "2026-06-30T12:53:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:21769",
"initial_release_date": "2026-05-28T20:39:36+00:00",
"revision_history": [
{
"date": "2026-05-28T20:39:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-28T20:39:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T12:53:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.5.4",
"product": {
"name": "Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ad91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Adc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Ab70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3A8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle\u0026tag=1779837290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ac985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Afc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Afb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Aeaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ae26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Adf44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Abb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Acffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-21728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T09:00:58.144273+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461395"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana/tempo: Tempo: Denial of Service via large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "RHBZ#2461395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://grafana.com/security/security-advisories/cve-2026-21728",
"url": "https://grafana.com/security/security-advisories/cve-2026-21728"
}
],
"release_date": "2026-04-24T08:00:47.074000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana/tempo: Tempo: Denial of Service via large queries"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27889",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:01:58.261703+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "RHBZ#2451447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-03.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-03.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6"
}
],
"release_date": "2026-03-25T19:36:36.370000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame"
},
{
"cve": "CVE-2026-29785",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-03-25T20:01:35.121898+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451444"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the \u0027leafnode\u0027 configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "RHBZ#2451444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451444"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29785",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-04.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-04.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8",
"url": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6"
}
],
"release_date": "2026-03-25T19:38:44.587000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32285",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:54.925687+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "RHBZ#2451846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://github.com/buger/jsonparser/issues/275",
"url": "https://github.com/buger/jsonparser/issues/275"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4514",
"url": "https://github.com/golang/vulndb/issues/4514"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4514",
"url": "https://pkg.go.dev/vuln/GO-2026-4514"
}
],
"release_date": "2026-03-26T19:40:51.837000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33215",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2026-03-24T22:01:19.032191+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "RHBZ#2451021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-06.tx",
"url": "https://advisories.nats.io/CVE/secnote-2026-06.tx"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879"
}
],
"release_date": "2026-03-24T20:55:53.455000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance"
},
{
"cve": "CVE-2026-33216",
"cwe": {
"id": "CWE-213",
"name": "Exposure of Sensitive Information Due to Incompatible Policies"
},
"discovery_date": "2026-03-25T20:02:03.000174+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451448"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "RHBZ#2451448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451448"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-05.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-05.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099",
"url": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc"
}
],
"release_date": "2026-03-25T19:41:55.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints"
},
{
"cve": "CVE-2026-33217",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2026-03-25T20:01:47.815937+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451446"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.\u003e` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "RHBZ#2451446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-07.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-07.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5"
}
],
"release_date": "2026-03-25T19:43:40.969000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace"
},
{
"cve": "CVE-2026-33218",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:02:13.680355+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "RHBZ#2451450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33218",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-10.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-10.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339"
}
],
"release_date": "2026-03-25T19:53:12.075000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port"
},
{
"cve": "CVE-2026-33219",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-25T20:01:41.235854+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451445"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "RHBZ#2451445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451445"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-02.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-02.txt"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-11.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-11.txt"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qrvq-68c2-7grw",
"url": "https://github.com/advisories/GHSA-qrvq-68c2-7grw"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j"
}
],
"release_date": "2026-03-25T19:55:28.363000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets"
},
{
"cve": "CVE-2026-33247",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2026-03-25T21:02:07.985713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "RHBZ#2451486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33247",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-14.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-14.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv"
}
],
"release_date": "2026-03-25T20:02:18.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments"
},
{
"cve": "CVE-2026-33413",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2026-03-26T14:03:01.896580+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451728"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: etcd: Authorization bypass allows information disclosure and denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in etcd allows unauthorized users to bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients and etcd\u0027s built-in authentication is enabled. This can lead to information disclosure and denial of service. Typical Red Hat OpenShift Container Platform and Kubernetes deployments are not affected, as the Kubernetes API server handles authentication and authorization independently of etcd\u0027s internal mechanisms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "RHBZ#2451728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451728"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33413",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33413"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg"
}
],
"release_date": "2026-03-26T13:36:10.919000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Restrict network access to etcd server ports to ensure only trusted components can establish connections. Implement strong client identity at the transport layer, such as mTLS, with tightly scoped client certificate distribution. This will limit unauthorized access to etcd functions.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "etcd: etcd: Authorization bypass allows information disclosure and denial of service"
},
{
"cve": "CVE-2026-33487",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-26T18:02:32.278778+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "RHBZ#2451814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc",
"url": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc"
}
],
"release_date": "2026-03-26T17:17:51.101000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
},
{
"cve": "CVE-2026-33813",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-21T20:01:02.224363+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "RHBZ#2460221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://go.dev/cl/759860",
"url": "https://go.dev/cl/759860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78407",
"url": "https://go.dev/issue/78407"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4961",
"url": "https://pkg.go.dev/vuln/GO-2026-4961"
}
],
"release_date": "2026-04-21T19:21:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing"
},
{
"cve": "CVE-2026-33997",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2026-03-31T03:01:29.529297+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453277"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon\u0027s privilege comparison logic, the system may incorrectly accept a plugin\u0027s requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An important flaw in Moby, an open-source container framework, allows for a privilege validation bypass during `docker plugin install`. This issue stems from an error in the daemon\u0027s privilege comparison logic, which could lead to unauthorized privilege escalation for installed plugins. Red Hat products that leverage Moby and allow Docker plugin installation are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "RHBZ#2453277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33997",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33997"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9",
"url": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9"
}
],
"release_date": "2026-03-31T01:36:51.404000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation"
},
{
"cve": "CVE-2026-34040",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"discovery_date": "2026-03-31T03:01:34.530713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system\u0027s integrity and confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moby: Moby: Authorization bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "RHBZ#2453278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2",
"url": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2"
}
],
"release_date": "2026-03-31T01:36:48.205000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moby: Moby: Authorization bypass vulnerability"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-40890",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-04-21T20:02:56.729456+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460245"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a \u0027\u003c\u0027 character not followed by a \u0027\u003e\u0027 character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw affecting Red Hat products that utilize the `github.com/gomarkdown/markdown` library. The vulnerability occurs when the `SmartypantsRenderer` processes specially crafted malformed Markdown input containing an unclosed \u0027\u003c\u0027 character, leading to an out-of-bounds read or application panic. A successful exploitation may lead the application using the library unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "RHBZ#2460245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460245"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778",
"url": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7",
"url": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7"
}
],
"release_date": "2026-04-21T19:51:53.237000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input"
},
{
"cve": "CVE-2026-41602",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:16.099816+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "RHBZ#2463407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/6",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/6"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:06.646000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation"
},
{
"cve": "CVE-2026-41603",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-04-28T10:01:29.782287+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463411"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "RHBZ#2463411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463411"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/7",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/7"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:40.564000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation"
},
{
"cve": "CVE-2026-41604",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:47.903741+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "RHBZ#2463416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41604",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41604"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/5",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:13.996000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41605",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:54.269412+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463418"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "RHBZ#2463418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41605"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/4",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/4"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:44.319000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability"
},
{
"cve": "CVE-2026-41606",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-04-28T10:01:19.136351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463408"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "RHBZ#2463408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463408"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/3",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/3"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:12.815000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion"
},
{
"cve": "CVE-2026-41607",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:33.022623+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463412"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "RHBZ#2463412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41607"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/2",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/2"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:48.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41636",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-04-28T10:01:03.992199+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463404"
}
],
"notes": [
{
"category": "description",
"text": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "RHBZ#2463404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:22:14.639000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion"
},
{
"cve": "CVE-2026-43869",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-05T08:00:56.417384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466660"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "RHBZ#2466660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466660"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r",
"url": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r"
}
],
"release_date": "2026-05-05T07:25:48.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation"
}
]
}
RHSA-2026:21931
Vulnerability from csaf_redhat - Published: 2026-05-29 08:45 - Updated: 2026-06-30 12:53Summary
Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.20.5
Severity
Important
Notes
Topic: The 1.20.5 GA release of Red Hat OpenShift Pipelines Operator..
For more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).
Details: The 1.20.5 release of Red Hat OpenShift Pipelines Operator.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
136 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
136 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
136 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le | — |
Vendor Fix
fix
|
Known not affected
136 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64 | — |
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
136 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod's filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.
9.6 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
136 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
136 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64 | — |
Workaround
|
Threats
Impact
Important
References
63 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.20.5 GA release of Red Hat OpenShift Pipelines Operator..\nFor more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).",
"title": "Topic"
},
{
"category": "general",
"text": "The 1.20.5 release of Red Hat OpenShift Pipelines Operator.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:21931",
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1526",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1528",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2229",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33211",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21931.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.20.5",
"tracking": {
"current_release_date": "2026-06-30T12:53:56+00:00",
"generator": {
"date": "2026-06-30T12:53:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:21931",
"initial_release_date": "2026-05-29T08:45:13+00:00",
"revision_history": [
{
"date": "2026-05-29T08:45:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-29T08:45:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T12:53:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Pipelines 1.2",
"product": {
"name": "Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_pipelines:1.20::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Pipelines"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-console-plugin-rhel9@sha256%3Aaa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9\u0026tag=1779910201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-manual-approval-gate-controller-rhel9@sha256%3Aff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9\u0026tag=1778858902"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-manual-approval-gate-webhook-rhel9@sha256%3A6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9\u0026tag=1778858839"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-opc-rhel9@sha256%3A4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9\u0026tag=1779509912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel9-operator@sha256%3Aca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3Ac3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3A7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-cli-rhel9@sha256%3A7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9\u0026tag=1779865065"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-controller-rhel9@sha256%3A5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9\u0026tag=1779865001"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-watcher-rhel9@sha256%3A2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9\u0026tag=1779865014"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-webhook-rhel9@sha256%3A8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9\u0026tag=1779865064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel9@sha256%3A4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9\u0026tag=1779539434"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cache-rhel9@sha256%3A5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9\u0026tag=1779781652"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel9@sha256%3Aaddbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9\u0026tag=1778859456"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel9@sha256%3Afeaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9\u0026tag=1779257473"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel9@sha256%3Add4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9\u0026tag=1779912703"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel9@sha256%3Af41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9\u0026tag=1779912707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel9@sha256%3Ab076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9\u0026tag=1779912885"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel9@sha256%3Ad7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9\u0026tag=1779824115"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel9@sha256%3A03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9\u0026tag=1779824192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel9@sha256%3Af09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel9\u0026tag=1779824120"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel9@sha256%3A0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9\u0026tag=1779824303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel9@sha256%3A6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9\u0026tag=1779824367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-sidecarlogresults-rhel9@sha256%3A92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9\u0026tag=1779824241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel9@sha256%3A2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9\u0026tag=1779824365"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel9@sha256%3Ab3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9\u0026tag=1779824112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pruner-controller-rhel9@sha256%3Aa935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9\u0026tag=1779396594"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pruner-webhook-rhel9@sha256%3A4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9\u0026tag=1779396660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel9@sha256%3Ad3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9\u0026tag=1779257875"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-retention-policy-agent-rhel9@sha256%3Ac4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9\u0026tag=1779257789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel9@sha256%3Abc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9\u0026tag=1779257800"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel9@sha256%3Adaa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9\u0026tag=1779905398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel9@sha256%3Ae2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9\u0026tag=1779905396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel9@sha256%3A7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9\u0026tag=1779905398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel9@sha256%3A569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9\u0026tag=1779905395"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-console-plugin-rhel9@sha256%3Af1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9\u0026tag=1779910201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-manual-approval-gate-controller-rhel9@sha256%3A31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9\u0026tag=1778858902"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-manual-approval-gate-webhook-rhel9@sha256%3A3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9\u0026tag=1778858839"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-opc-rhel9@sha256%3A71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9\u0026tag=1779509912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel9-operator@sha256%3A726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3A7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3A28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-cli-rhel9@sha256%3Ab0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9\u0026tag=1779865065"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-controller-rhel9@sha256%3Ae59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9\u0026tag=1779865001"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-watcher-rhel9@sha256%3Ad7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9\u0026tag=1779865014"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-webhook-rhel9@sha256%3Ac6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9\u0026tag=1779865064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel9@sha256%3A50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9\u0026tag=1779539434"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cache-rhel9@sha256%3Af470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9\u0026tag=1779781652"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel9@sha256%3Aa7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9\u0026tag=1778859456"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel9@sha256%3Aeb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9\u0026tag=1779257473"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel9@sha256%3A8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9\u0026tag=1779912703"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel9@sha256%3A80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9\u0026tag=1779912707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel9@sha256%3A728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9\u0026tag=1779912885"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel9@sha256%3A0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9\u0026tag=1779824115"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel9@sha256%3Ace50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9\u0026tag=1779824192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel9@sha256%3A2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel9\u0026tag=1779824120"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel9@sha256%3Aadeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9\u0026tag=1779824303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel9@sha256%3A688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9\u0026tag=1779824367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-sidecarlogresults-rhel9@sha256%3A9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9\u0026tag=1779824241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel9@sha256%3A21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9\u0026tag=1779824365"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel9@sha256%3A921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9\u0026tag=1779824112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pruner-controller-rhel9@sha256%3Aacfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9\u0026tag=1779396594"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pruner-webhook-rhel9@sha256%3A722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9\u0026tag=1779396660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel9@sha256%3A496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9\u0026tag=1779257875"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-retention-policy-agent-rhel9@sha256%3A182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9\u0026tag=1779257789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel9@sha256%3A558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9\u0026tag=1779257800"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel9@sha256%3A517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9\u0026tag=1779905398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel9@sha256%3A815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9\u0026tag=1779905396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel9@sha256%3Aa0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9\u0026tag=1779905398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel9@sha256%3A9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9\u0026tag=1779905395"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-console-plugin-rhel9@sha256%3A1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9\u0026tag=1779910201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-manual-approval-gate-controller-rhel9@sha256%3A85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9\u0026tag=1778858902"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-manual-approval-gate-webhook-rhel9@sha256%3Afad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9\u0026tag=1778858839"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-opc-rhel9@sha256%3Ac19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9\u0026tag=1779509912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel9-operator@sha256%3Adc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3A190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3A15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-cli-rhel9@sha256%3Ae824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9\u0026tag=1779865065"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-controller-rhel9@sha256%3Aed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9\u0026tag=1779865001"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-watcher-rhel9@sha256%3A965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9\u0026tag=1779865014"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-webhook-rhel9@sha256%3Aab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9\u0026tag=1779865064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel9@sha256%3A7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9\u0026tag=1779539434"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cache-rhel9@sha256%3A3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9\u0026tag=1779781652"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel9@sha256%3A37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9\u0026tag=1778859456"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel9@sha256%3Aac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9\u0026tag=1779257473"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel9@sha256%3A36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9\u0026tag=1779912703"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel9@sha256%3Ad6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9\u0026tag=1779912707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel9@sha256%3A94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9\u0026tag=1779912885"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel9@sha256%3Ad82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9\u0026tag=1779824115"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel9@sha256%3A39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9\u0026tag=1779824192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel9@sha256%3A401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel9\u0026tag=1779824120"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel9@sha256%3A03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9\u0026tag=1779824303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel9@sha256%3Af40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9\u0026tag=1779824367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-sidecarlogresults-rhel9@sha256%3Ae1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9\u0026tag=1779824241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel9@sha256%3A65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9\u0026tag=1779824365"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel9@sha256%3Aa14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9\u0026tag=1779824112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pruner-controller-rhel9@sha256%3A962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9\u0026tag=1779396594"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pruner-webhook-rhel9@sha256%3Af2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9\u0026tag=1779396660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel9@sha256%3Ac7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9\u0026tag=1779257875"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-retention-policy-agent-rhel9@sha256%3Ada61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9\u0026tag=1779257789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel9@sha256%3A501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9\u0026tag=1779257800"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel9@sha256%3Af48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9\u0026tag=1779905398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel9@sha256%3A2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9\u0026tag=1779905396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel9@sha256%3Aa972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9\u0026tag=1779905398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel9@sha256%3A0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9\u0026tag=1779905395"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-console-plugin-rhel9@sha256%3A629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9\u0026tag=1779910201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-manual-approval-gate-controller-rhel9@sha256%3A823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9\u0026tag=1778858902"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-manual-approval-gate-webhook-rhel9@sha256%3A37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9\u0026tag=1778858839"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-opc-rhel9@sha256%3Ac978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9\u0026tag=1779509912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel9-operator@sha256%3A354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel9@sha256%3A7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel9@sha256%3A5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9\u0026tag=1779813223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-cli-rhel9@sha256%3A77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9\u0026tag=1779865065"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-controller-rhel9@sha256%3A0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9\u0026tag=1779865001"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-watcher-rhel9@sha256%3Ab5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9\u0026tag=1779865014"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-webhook-rhel9@sha256%3A745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9\u0026tag=1779865064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel9@sha256%3A0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9\u0026tag=1779539434"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cache-rhel9@sha256%3Ae9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9\u0026tag=1779781652"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel9@sha256%3Acfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9\u0026tag=1778859456"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel9@sha256%3A5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9\u0026tag=1779257473"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel9@sha256%3A3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9\u0026tag=1779912703"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel9@sha256%3A9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9\u0026tag=1779912707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel9@sha256%3A7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9\u0026tag=1779912885"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel9@sha256%3Af5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9\u0026tag=1779824115"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel9@sha256%3A4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9\u0026tag=1779824192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel9@sha256%3Afa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel9\u0026tag=1779824120"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel9@sha256%3Ae3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9\u0026tag=1779824303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel9@sha256%3Aa4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9\u0026tag=1779824367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-sidecarlogresults-rhel9@sha256%3Afa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9\u0026tag=1779824241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel9@sha256%3Ac60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9\u0026tag=1779824365"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel9@sha256%3Abe936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9\u0026tag=1779824112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pruner-controller-rhel9@sha256%3A98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9\u0026tag=1779396594"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pruner-webhook-rhel9@sha256%3A7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9\u0026tag=1779396660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel9@sha256%3A83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9\u0026tag=1779257875"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-retention-policy-agent-rhel9@sha256%3Abd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9\u0026tag=1779257789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel9@sha256%3A2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9\u0026tag=1779257800"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel9@sha256%3A21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9\u0026tag=1779905398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel9@sha256%3A31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9\u0026tag=1779905396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel9@sha256%3Aeaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9\u0026tag=1779905398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel9@sha256%3A0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9\u0026tag=1779905395"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-29T08:45:13+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-29T08:45:13+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-29T08:45:13+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-29T08:45:13+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-29T08:45:13+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33211",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-24T00:02:20.093480+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to have the permission to create ResolutionRequests (e.g., by creating TaskRuns or PipelineRuns that use the git resolver) within at least one specific namespace, limiting the exposure of this issue to authenticated users. Also, an attacker can read any file readable by the resolver pod process, including cluster secrets, allowing an escalation of privileges from namespace-scoped access to cluster-wide access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "RHBZ#2450554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33211",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
"url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
"url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
"url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
"url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
"url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
"url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
"url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
}
],
"release_date": "2026-03-23T23:55:54.089000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-29T08:45:13+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-29T08:45:13+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:3c7e750a8230733a4f482aee3c4c000a67e52c8f5f149273e609b98fd18ddb10_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:5d2a1ee4f9a0fbb0a9d56d7b6c1fd94241cdc02a9d192ee8f4e004f9f0dd0cd8_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:e9561cd2ffa12f446af4b3618bf99575084e7c0e2c8972c0a112dd1580fb0515_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:f470f482deeebe42ebc4fbc2c5c8ddae8c0c9e71ebb45abf150e1221b18e8621_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:37a363f8aab7c6bc87729d98ff32a44669e033ef1598cd6275262b3aec7a7950_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:a7a9fad55880a24ef13252871a7eac22efef85d4f50ea71979d97f7dba504fa7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:addbf352dd4cbb2b7fdf16ac57d2ff8d4a6f72701b3ac75a1194debbfbfc0e96_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:cfbf1f68e6896abb7f2795c49e51d2d607534555ba4b754eb79c90ff40955f99_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:5066441d93db8c875c341307083d71371fbf656d22036d1cdc6d07c5f4363e15_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:ac0f4351612091aceeb5de41e0776ad9fffce43c15cea5cf82e23655f9e83491_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:eb396c01ff2ff283850eff1469eda34bc964cc512bc33b031b62c89ebee45643_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel9@sha256:feaa053f49eb5d7f890647a0b6f365a80b82b18988a0f6d5467221bc52a6cb7e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:1a687d78104fa92356a6af1ef4b5564d8bfd8fa9bc1b02b7ccbdc598be190654_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:629e0d9b1ca93751ad9f19328ef65019179fa886d9029088380a429532dc6681_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:aa1af86676fae99c0e2f3ea50ca2ba44223ccb4289c884d65cfacdd286e85d31_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-console-plugin-rhel9@sha256:f1ba93478d47803d30cf65bea363e7d6e660683e4a2245979f009117b6f6fe5c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:0edb8944b49cd12ee073cdcd26ce61e0ff95fac17b3133e1c4b939962f4b54ae_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d7f65bf6390c8d16e4db818d1d4133d289cda151a9d6c1196b106416971a9061_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:d82e2c22fc88b0069dfc535797a7fe50113ebbfc0b3492c952eff0ccd0496029_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-controller-rhel9@sha256:f5f7b0cd1a79d803b6027c264a041cde6fe8e6b9b26279ebc901e8ef4afa20f0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:03f625e0c0c406ce688b18485b8b310f7de4fec4e6fcd7eec6b31d8f0e5613e2_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:39656fa56396d5c31e25331d03948b3ad5067cc4119f24d9c0ad0f2185a8b9a0_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:4a4d0bf0eae7b1d07cf7a37a0bcbf862f9eacc0ff6a6aaaf935cbd20e90e67ed_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel9@sha256:ce50f39a31b70bad477cfe217341ac62328fc63d5380dd34547a494ce9f896bb_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:2108be73f60cb77d8e639d694429efee711e358f3b0d6a46068b0be1ce13a478_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:401db4e85fffd7670f702658dd1c02c07640f07667f66984a0b52ebd491062f9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:f09ace1d218c3e544591176706376fe7c30a0a83b332b4b11f6c0de5c0fdb622_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:fa4480d53c94a4865fe6924588cb17f52be93948abb76b5dac2356bf95d49af3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:3347495c87dcfaf7cdd83a156d7e1cd6a09b396ef028999aa28fcd5a48e10b0e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:36b014cee87baa0133e46de98b30fe82ad77d43c1c47b71b0d04f07be9fad035_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:8b0e8dde8551aedb5bf139e6874bd65b64c7e9a5b8b9e526fce4aea3555ed389_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:dd4d7d6476af68f3abdcc8744956696ffb795c3ad27f3cc5cfaa2078c2ddc394_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:80a6eac6c4024a0243fd1e3bece6950fdd436af1d3d31519c68c6216bffdb2db_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9ea61da384e23d15b2697ff58050979289d6502a92e71c4f73076ef6afb15497_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:d6eecd7aed4c9203049f2bd4af8404cd88eedc475b81952ffa18fa3f49833882_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:f41b3c09f0a242c0046ead5323ba0c3f06eb43fea00e2d3a7fada13b258618c0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:728413bd2e8c207f77f28c4ce9ba091c8a31dc89ae9a6954854e2d8ffc90f4b9_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:7be076ea80acb3bfc7bd238040f9d18836d74ca277e48f01e6c09d3d4362bc8b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:94f036095f4eea072b7263f8da8abddaeb5853fd097b541e1805ccea011a2922_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel9@sha256:b076dbc3299ccef75271e0f3fb86f09ad9e156ec4219e614af784e2b075802f1_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:31e463230c4232cbf5e13ed9e76bc9b5f894001b9d760d816944087337bc7860_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:823c69233e431b32e55706f4340ac837d039605acedeaef0f6374653ce06844b_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:85a526a6c08a58a3ff695ff70937eb4c735fba30b9e0981cd54d71b7f6658b48_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:ff701eddd468d6d31f919675728f6ff7eda16ccab81bb6c54837139565dc9513_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:3491440ceadc7c709ddce897963c3b1a1fd77503e0a07c46a57c85f1be821666_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:37007390276a95081a4548ed82b1019bbdb6fe08739eee21b5dae4cf2afc321f_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:6890c7c9ec7d3373daacdf38b05f264f01a000398b5155c372e55344d6db7d5d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-webhook-rhel9@sha256:fad4474900ee01e7000636e77c110d5600cfd271190d8e953b4fe9625903b8a1_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:03c51c10474faf33ac9bd2cae679a0a5091d9fb28752d85189e90ebb319b4dae_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:0f39841e3aedc83a35a628de6ad913cb014eb0cac5c509ea0cd8d8e9b81237cb_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:adeaba6fa77e01bd3701a15e5bcef98c4c07f9216c9a593e90137649ec314e6b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:e3e7004a6bc13d700baa136ad9de70a83bbf9360108ebfff60b9466ac43e7bcd_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:4efb0a702cff8a3a1a811130d530a2f6a435a0833859b23bf3bbf6ea74428ec4_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:71050543c5e5d6efe3d72866b009920a59c48e48a0979b420c2ca2b6c35639df_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c19888fede5dd2c3cd136e039a44e9f708da8ce062a8642d531feeb1c856de3b_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-opc-rhel9@sha256:c978df3e7c87e5a40f9822bafbabd10b3a3f4ac470195837d954ade1844ac2f1_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:190ff21f125bd34c43eb1e0797f6e18111371064f07d8e945b561db8d1bfe66e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7fd678bf4a0670cb65b984c743d778a7d0e0f7c030f142caf81e7359d84eb4f1_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:7ffe79484c29848f22df0fb001fc8a71d3da9532af10b10d9373b57a27e6a567_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel9@sha256:c3daed688492b3e74a57e0816a4417050dd10d0ddcdf5bb57a3672bdc942c603_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:15dc2742bd0cf6519b256f959a88abb6158692251cfa46d9b497e459f8670cf3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:28fb55fa674c175fb2efd9381f353d80eb6b9bab9c3b67aec681f31192d5b4bf_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:5444dd0ff71afc44c43546d4c24597b1bc31c6b81de2fd8d740b39ec1a565492_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel9@sha256:7e118964792b7357b1a8f0c53d21b78eb0184ace92a7215d9d4e61c7e4774805_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:77632bee7a2160d03fedaf2e26598b35482211771f037afba114aabb2771dfc3_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:7fd0ca731f4f6e520e65e33a9a2cd30d6e0693be97b904a18d575064c5ce2355_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:b0be1b04cfc30984d757fd528f527c3e76a1b6a624437167620dd6fc5bbc0b26_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:e824a6e4c87bb571d4a41b0b1bf120e9c6485776ee4575977d5a402921508acb_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:0b165040657b16770b52a0cde7be46db0d6410e6d502b11e7b6053f9ad441c49_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:5e2e305f33c5679a522ffa17622d714a5662654754cbe3cf00952a0e835c89d0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:e59375c7643ac4d19d26f44b0de400c6a9d571ea64fdb80181948e7f5b15919b_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:ed489b4d27daec80e8670fc7d1aa7b703dd27406d36668a3d8d4815eaa5273e2_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:2c5dff36740f64a3abed73e06128e0d00e19b345071dd27740ab4ecb71cc143a_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:965ae7324c4853494f149f4e7adb5eced2347c20b5b35811ffd4b27a35a95b55_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:b5e0f970a87d4187beea256a9487ecef5375e5bdd5352f0beb5a035a626aa338_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:d7b9fde9e7cbcca7e6e9cdf5bf8ccc8d05bbb3ad588863ba3d8e083dd4f67dd7_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:745e264c8d26750a2c009f6a19306b9b4d40bd001d0eb99d0104ba296ef4a85c_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:8d381b730eb73c4024afb44ec23c9dde692831a01dacb141fb2f2e1161fa8841_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:ab03345c9784023d9696d14660e6dca2afe5b8d122190f0186574d7b2bd01990_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:c6c150d7a07e0d8b014511b28d3cd06f25aaccebeadd1df99e93d8fad939674c_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:962ca057a56cef2859e10ceca06f767370cf05ec57e375725ddf6044ba0078a9_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:98a27612f013529ae41b4e0a243421b590325802f1a47115f1b69f6617a332d9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:a935079a39ac4dd552a18ae9fd3c06f0c7b23ebfc723c97b9b29f60007fa6d9e_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:acfd451104c5ecba17b8676b82a835129f15954ad811f6af39f56a9c102c99e2_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:4553cc0883b245081e39c3e2513017439d7ee011607ff4392a70069dfec4d38f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:722053e22ce9d90c49d145f139f8e2ff9c4f69cd0f5606a43522ecd03509f466_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:7310ddd00f332afbff27b423518c0458255de5281ae6ca7c529ae967660ae2e5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-pruner-webhook-rhel9@sha256:f2e47d5fef1bdba7df04845304650ae7738d1c3204c3ffe5b109bcc085fb2161_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:688ddfd29723067958a2784a5ff3beb3e301e2dea97c2df8c45a5736ad80d180_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:6d9d9cd56c4f9b2d67385ce8d66ecb076b436541d4612ec28648bbdf366d4223_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:a4e4b36370e4d59dde0c7ed938b31697b439013477213fa15c2e67d68e3e6455_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:f40b11eaef580dfac861c53ce530df38ed1453336e109705582864cb36a2cc63_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:496609cbbbe63cc7cab745b92de1bfa588df13302d0e81f386ace0401f767f77_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:83a157a8bbd5ca87aff941b4884fde977648e570fcf94960a69454a1b8dd93c5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:c7e5928bd0c07c168a3f0f0946869f9e054cca2e5fd5015860b07d18328a8dd3_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:d3957e49b335b24cfcffa216dc7541bb6e64ebd71cebed7fc3b67c13efca9856_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:182e4681a826df69e4699a1c0e25fc4f6e65d84f5197520b4aa9fadc37ec8686_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:bd55ce999ac34585ffdaeaeeb73a66b3983b1b2f8d6809ee7b68154bd65a0bc5_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:c4f356000858cec0c6888d5f560c6b06d7a2b3370dad295e8556566ee5576155_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:da61b62e427cd22470c39e9e6bd77eaf1d5233f2905933c07e94ebfa932660cd_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:2ac06f6e1ee2fddc4732cc9acada6c879dd4da4e3435b7daefd14f8587bbb32e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:501b5f4980f6aa8cf539976332f2ca06b2053f5c96821d229a89d59c8c328d05_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:558c9f8c773fae2c42173908d7b9d62cd40645a9677b26b90ca586ed8b55936d_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:bc5c6abd3e462c188df4151287d5f2f4c1416aafbbd6e3e7c96afaf73f688059_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:354f9fe9fda1a1b3d38723589a547533810ebceaca010abc92437d54b73ed601_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:726cc049c028bea24e6501a0007c7a53d29490d7c5b1488df443da92d3689ed0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:ca87fd048385531dad4fe8d7c11057f6c68f5c2f20dce3ef804db460950cacea_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-rhel9-operator@sha256:dc34bf85cccd7c621d0a55da040f155d67afece882bcfbed6645070f9ec97ab8_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:0acc644c9f8c4f2ec286d3a64e1da72a0f8ca59f81dae15724142a646b002ad0_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:4de2ee6f69927025effa047082d6183a0f8219d3ba2351ccf1818f2379e73a43_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:50e2d43dfc82695e0c7ff9fd6818c2bd50890bbd8f343636b0fe5f72e2dee0dc_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel9@sha256:7dc8df48eb43419f45c7b31044bb13880a9fd03a2568e704190248d5842ac806_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:92dffb3850038e6c8f6ed510565a98e4a5e602c114b07de0181caa7eca0a667f_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:9b3c2fe6cdfc661f965ff94cd0511bfa124b8b8a2bc5278d3aaa8c0da71f07b0_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:e1b48c0c82d5f77daf353c863a92a9ad2f952a8824a24f6f1a32d2a8c86f3cf4_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-sidecarlogresults-rhel9@sha256:fa867d7edcc9af8801db1fe879c358ab824383b2e6ccce63a196052d4330e0e9_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:21c6f80349f6c77250548ad94fd3a47d63267010ab11effa113cc625cbdb97cf_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:517e71186a2960673b575a5a37af45a24338b50d3d0f3b897460829374838acd_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:daa342ed0a58f82be9805fcf62a65557444632f35bf8053ef9dfd72ec631a62b_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f48476396e73423117ac0d15b0ede55d5bf84e100c7fc8d7e02b4fe2b5620658_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:2508489896b165db52dd9d39895647a3a72ae0aa2e3882cdce720124dcddaf5e_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:31209ef49be245f7f1846112b467ac153298e3c96fbc18212d685f389c4bf422_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:815fe726b4e83ffa4daaf5c88a8cf56cbb8db9d16074718769b80df6e97a6e53_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:e2d006c7a3830ac944a94e928817e1b52f3319c2d166c497dd9357817a2d7ec0_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:7bb390b3425fd43ab21840088bda5fd58ca9e68bce090776fa1ae4c3ba0997db_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a0d6c2120090d8db7d4bb99e12eba89069c5c96a4163e4bdc63f2535dae4e6aa_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:a972a3d3d5f13d86a50844a23f781cb4a061694337242dbc0ea6cbbd1a9870a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:eaba273d7abc3e0b34129e8846d7ae101b3d462e08b39c189f46f5983820da26_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0c0ee766f4d649a591f73ab407ca4e7fe71d2adaa98ad73ec4f2ce448da2ec31_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:0f0cd09b43fc85b44c2b8bfe7eda25b72994ef3595c4a8edc3d3d4220a7f45f6_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:569783ca369f98e9269a5c731a2c7ed87442f84c5f9ad7a12cbf59945201ceb3_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:9c4a10520395dd1b5aa1bbe6459daf41c35500296653dedd9711b29495b77721_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:21cc58db3395a4c82db40d1202a03a63ad709e31a6d7d406cf5ff8266b936961_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:2390badfab84b2eb3c5eae8151d1a0473b6e21ed08cf9cfb380c07ee80d2c1e7_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:65a46dc0c49e44fc6daa65c975f4b9d079eea7bb14a6454c45caed6634a328a6_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:c60aa4bb8fe8f98e9483281fc1c7f716a5264d1eeba211751c34151f9a15752e_amd64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:921c1f61c9752e711691cd27f26844b1c28e0d97d90e2bfd9a6c78ece6099655_ppc64le",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:a14c26b8da62ba6ff188a81805f3874c147342ca59a6b2d81cd40f913fd95901_s390x",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:b3f2eb946f47b2e28422369c63050c60ea740517a81d37ffa7d215579b46231d_arm64",
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel9@sha256:be936aa63ffd77dc04d9c6f343864f34380352bff87e59d6bc60e9e6cc2a21d1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:21932
Vulnerability from csaf_redhat - Published: 2026-05-29 09:15 - Updated: 2026-06-30 12:53Summary
Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.20.5
Severity
Important
Notes
Topic: The 1.20.5 GA release of Red Hat OpenShift Pipelines Operator..
For more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).
Details: The 1.20.5 release of Red Hat OpenShift Pipelines Operator.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod's filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.
9.6 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.20.5 GA release of Red Hat OpenShift Pipelines Operator..\nFor more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).",
"title": "Topic"
},
{
"category": "general",
"text": "The 1.20.5 release of Red Hat OpenShift Pipelines Operator.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:21932",
"url": "https://access.redhat.com/errata/RHSA-2026:21932"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33211",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21932.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.20.5",
"tracking": {
"current_release_date": "2026-06-30T12:53:58+00:00",
"generator": {
"date": "2026-06-30T12:53:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:21932",
"initial_release_date": "2026-05-29T09:15:29+00:00",
"revision_history": [
{
"date": "2026-05-29T09:15:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-29T09:15:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T12:53:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Pipelines 1.2",
"product": {
"name": "Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_pipelines:1.20::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Pipelines"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-bundle@sha256%3Af4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-bundle\u0026tag=1780044955"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64 as a component of Red Hat OpenShift Pipelines 1.2",
"product_id": "Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-29T09:15:29+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21932"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33211",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-24T00:02:20.093480+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to have the permission to create ResolutionRequests (e.g., by creating TaskRuns or PipelineRuns that use the git resolver) within at least one specific namespace, limiting the exposure of this issue to authenticated users. Also, an attacker can read any file readable by the resolver pod process, including cluster secrets, allowing an escalation of privileges from namespace-scoped access to cluster-wide access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "RHBZ#2450554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33211",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
"url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
"url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
"url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
"url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
"url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
"url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
"url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
}
],
"release_date": "2026-03-23T23:55:54.089000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-29T09:15:29+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21932"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-29T09:15:29+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21932"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.2:registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:f4100f181620f5424e66633dbdd3c7402c8db75f93c54fe092ff2301d8dd0015_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:22258
Vulnerability from csaf_redhat - Published: 2026-06-01 06:42 - Updated: 2026-06-30 12:54Summary
Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.8.7
Severity
Important
Notes
Topic: Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.8.7 General Availability release, with updates to container images.
Details: Assisted Installer RHEL 8 integrates components for the general multicluster engine
for Kubernetes 2.8.7 release that simplify the process of deploying OpenShift Container
Platform clusters.
The multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.
You can use the engine to create new Red Hat OpenShift Container Platform
clusters, or to import existing Kubernetes-based clusters for management.
After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.8.7 General Availability release, with updates to container images.",
"title": "Topic"
},
{
"category": "general",
"text": "Assisted Installer RHEL 8 integrates components for the general multicluster engine\nfor Kubernetes 2.8.7 release that simplify the process of deploying OpenShift Container\nPlatform clusters.\n\nThe multicluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters, or to import existing Kubernetes-based clusters for management.\n\nAfter the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22258",
"url": "https://access.redhat.com/errata/RHSA-2026:22258"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22258.json"
}
],
"title": "Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.8.7",
"tracking": {
"current_release_date": "2026-06-30T12:54:00+00:00",
"generator": {
"date": "2026-06-30T12:54:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:22258",
"initial_release_date": "2026-06-01T06:42:53+00:00",
"revision_history": [
{
"date": "2026-06-01T06:42:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-01T06:42:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T12:54:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "multicluster engine for Kubernetes 2.8",
"product": {
"name": "multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_engine:2.8::el8"
}
}
}
],
"category": "product_family",
"name": "multicluster engine for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-8-rhel8@sha256%3A77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-8-rhel8\u0026tag=1779910504"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-8-rhel8@sha256%3A0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-8-rhel8\u0026tag=1779910504"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-8-rhel8@sha256%3A9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-8-rhel8\u0026tag=1779910504"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-8-rhel8@sha256%3Ab9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-8-rhel8\u0026tag=1779910504"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T06:42:53+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.13.",
"product_ids": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22258"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T06:42:53+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.13.",
"product_ids": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22258"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:0578fe32759bccad07a8624017ee4629a21b3623393af20cc16f0819a0d71cf1_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:77ea535479c2c3e814107d03bd79f670c7c8ce641ff16482065ac7d5a9d818c3_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9bcb737b6ba68fc378edaa56d3b20900807df3f463c45628f4f2bc12d099b03a_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:b9ffe0abc4785e59a27e0a0d2b6e0c6f9242a73691800252d1c9741bfcc389b4_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:22260
Vulnerability from csaf_redhat - Published: 2026-06-01 06:45 - Updated: 2026-06-30 12:54Summary
Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.8.7
Severity
Important
Notes
Topic: Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.8.7 General Availability release, with updates to container images.
Details: Assisted Installer RHEL 9 integrates components for the general multicluster engine
for Kubernetes 2.8.7 release that simplify the process of deploying OpenShift Container
Platform clusters.
The multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.
You can use the engine to create new Red Hat OpenShift Container Platform
clusters, or to import existing Kubernetes-based clusters for management.
After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x | — |
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x | — |
Workaround
|
Threats
Impact
Important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.8.7 General Availability release, with updates to container images.",
"title": "Topic"
},
{
"category": "general",
"text": "Assisted Installer RHEL 9 integrates components for the general multicluster engine\nfor Kubernetes 2.8.7 release that simplify the process of deploying OpenShift Container\nPlatform clusters.\n\nThe multicluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters, or to import existing Kubernetes-based clusters for management.\n\nAfter the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22260",
"url": "https://access.redhat.com/errata/RHSA-2026:22260"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22260.json"
}
],
"title": "Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.8.7",
"tracking": {
"current_release_date": "2026-06-30T12:54:05+00:00",
"generator": {
"date": "2026-06-30T12:54:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:22260",
"initial_release_date": "2026-06-01T06:45:33+00:00",
"revision_history": [
{
"date": "2026-06-01T06:45:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-01T06:45:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T12:54:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "multicluster engine for Kubernetes 2.8",
"product": {
"name": "multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_engine:2.8::el9"
}
}
}
],
"category": "product_family",
"name": "multicluster engine for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-image-service-rhel9\u0026tag=1779951423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-rhel9\u0026tag=1779951516"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9\u0026tag=1779707524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3Ab3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9\u0026tag=1779951762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-9-rhel9\u0026tag=1779910129"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3Adddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-image-service-rhel9\u0026tag=1779951423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-rhel9\u0026tag=1779951516"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9\u0026tag=1779707524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3A9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9\u0026tag=1779951762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-9-rhel9\u0026tag=1779910129"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-image-service-rhel9\u0026tag=1779951423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-rhel9\u0026tag=1779951516"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9\u0026tag=1779707524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3Aa013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9\u0026tag=1779951762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3Aa94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-9-rhel9\u0026tag=1779910129"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-image-service-rhel9\u0026tag=1779951423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3Ac84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-rhel9\u0026tag=1779951516"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9\u0026tag=1779707524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3A9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9\u0026tag=1779951762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-9-rhel9\u0026tag=1779910129"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T06:45:33+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.13.",
"product_ids": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22260"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T06:45:33+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.13.",
"product_ids": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22260"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:18b8d484378161bc70f15f0e0148a1c4a54d3c3843b676bc4de766ecce005602_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:59781441af0a7b8dacb7bd3e96f145708138cc42d1bf35ad0d7be5309a9dd527_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:90d322c01dccbd64c89b117926db10355216a926448e33b1998b73dcd52c1701_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:dddf9226f3e958a2d8cd9a34c57477adbdd85d87be8a416ff17a79c28656208d_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:199c0dbad44d8e7aec185a017c06b54472efd3ccba556c6a7d1f43cfe52eaf83_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:4db21d9cd00d79bbab581beda640d75b80113cd0d3f3bd2592fdaeab8572119a_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6f10fd242bacc0304f5e485b0caa779a9ddee62ff7511f7a2d02281745b9b832_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7bd1972beb9149061fd238e6f5802bc90ac29cf46abbeffb1174c00da99c1fbf_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9ccd98456ed77735b40bfc15e60351c1392cf7a5fc43ba19c6c9535d40889cbd_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:9e8cfc4f388375dd3c925dc4378bf703ca8a4c8b1fab7b1265b90940bfbe34a3_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a013400acf243733951e70e9c14111ade95b8eb6968cb7580859ba33e91c0b3b_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:b3fe27ef87a511566ae28f5247df9315e1f0809fd78d4a767494decbe960ee21_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0c50fbc44a442c810d1c9999d3d45e858ce4c9b49ea047bc80a691a7b23e8252_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7036633b0a8c627df65b1cdcd1b9ec9acfaf3d621a6125bd7d24e0c0a88b5a80_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:7541aaa488c30653e5ef3738c3bbad68aa32d62b968cbf82225f658ce073ee08_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c84ba6175bdce3b74458c3831e8d01917acd5f3599f47a54936b6331063c6da7_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:5a9521f8da26d292b340af25e3aaa6813ccbd332447530011ba0197cb922c683_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:76f9aeb931bde7710f763310488da882875c7e0228b1da41d1c74f24e7d1b2b5_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:7f32362ab1f5f8923f326ee2e3711c156848803a0c3a11d5740d8206eb93b98a_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:a94a7be1120a24a70639cd6352204a1f496c71c53acc45c2730486dcde5c6869_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:22347
Vulnerability from csaf_redhat - Published: 2026-06-01 22:12 - Updated: 2026-06-30 12:54Summary
Red Hat Security Advisory: Multicluster Global Hub 1.4.5 security update
Severity
Important
Notes
Topic: Multicluster Global Hub v1.4.5 general availability release images, which provide security fixes, bug fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details: Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
No description is available for this CVE.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the 'leafnode' configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Moderate
A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.>` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Moderate
A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon's privilege comparison logic, the system may incorrectly accept a plugin's requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.
8.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system's integrity and confidentiality.
8.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a '<' character not followed by a '>' character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Moderate
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
References
248 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.4.5 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22347",
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21728",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27889",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29785",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32285",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33215",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33216",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33217",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33218",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33219",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33247",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33413",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33487",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33813",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33997",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34040",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40890",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41602",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41603",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41604",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41605",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41606",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41607",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41636",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43869",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22347.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.4.5 security update",
"tracking": {
"current_release_date": "2026-06-30T12:54:02+00:00",
"generator": {
"date": "2026-06-30T12:54:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:22347",
"initial_release_date": "2026-06-01T22:12:17+00:00",
"revision_history": [
{
"date": "2026-06-01T22:12:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-01T22:12:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T12:54:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.4.5",
"product": {
"name": "Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779579439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779838819"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779839447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3Afcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle\u0026tag=1779891163"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779887217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779147132"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ae893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779579439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779838819"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779839447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779887217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779147132"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Acdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779579439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Af4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779838819"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779839447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779887217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779147132"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779579439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779838819"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Ae558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779839447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779887217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779147132"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-21728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T09:00:58.144273+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461395"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana/tempo: Tempo: Denial of Service via large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "RHBZ#2461395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://grafana.com/security/security-advisories/cve-2026-21728",
"url": "https://grafana.com/security/security-advisories/cve-2026-21728"
}
],
"release_date": "2026-04-24T08:00:47.074000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana/tempo: Tempo: Denial of Service via large queries"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27889",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:01:58.261703+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "RHBZ#2451447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-03.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-03.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6"
}
],
"release_date": "2026-03-25T19:36:36.370000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame"
},
{
"cve": "CVE-2026-29785",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-03-25T20:01:35.121898+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451444"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the \u0027leafnode\u0027 configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "RHBZ#2451444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451444"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29785",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-04.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-04.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8",
"url": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6"
}
],
"release_date": "2026-03-25T19:38:44.587000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32285",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:54.925687+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "RHBZ#2451846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://github.com/buger/jsonparser/issues/275",
"url": "https://github.com/buger/jsonparser/issues/275"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4514",
"url": "https://github.com/golang/vulndb/issues/4514"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4514",
"url": "https://pkg.go.dev/vuln/GO-2026-4514"
}
],
"release_date": "2026-03-26T19:40:51.837000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33215",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2026-03-24T22:01:19.032191+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "RHBZ#2451021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-06.tx",
"url": "https://advisories.nats.io/CVE/secnote-2026-06.tx"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879"
}
],
"release_date": "2026-03-24T20:55:53.455000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance"
},
{
"cve": "CVE-2026-33216",
"cwe": {
"id": "CWE-213",
"name": "Exposure of Sensitive Information Due to Incompatible Policies"
},
"discovery_date": "2026-03-25T20:02:03.000174+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451448"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "RHBZ#2451448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451448"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-05.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-05.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099",
"url": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc"
}
],
"release_date": "2026-03-25T19:41:55.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints"
},
{
"cve": "CVE-2026-33217",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2026-03-25T20:01:47.815937+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451446"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.\u003e` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "RHBZ#2451446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-07.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-07.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5"
}
],
"release_date": "2026-03-25T19:43:40.969000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace"
},
{
"cve": "CVE-2026-33218",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:02:13.680355+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "RHBZ#2451450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33218",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-10.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-10.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339"
}
],
"release_date": "2026-03-25T19:53:12.075000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port"
},
{
"cve": "CVE-2026-33219",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-25T20:01:41.235854+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451445"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "RHBZ#2451445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451445"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-02.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-02.txt"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-11.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-11.txt"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qrvq-68c2-7grw",
"url": "https://github.com/advisories/GHSA-qrvq-68c2-7grw"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j"
}
],
"release_date": "2026-03-25T19:55:28.363000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets"
},
{
"cve": "CVE-2026-33247",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2026-03-25T21:02:07.985713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "RHBZ#2451486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33247",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-14.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-14.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv"
}
],
"release_date": "2026-03-25T20:02:18.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments"
},
{
"cve": "CVE-2026-33413",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2026-03-26T14:03:01.896580+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451728"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: etcd: Authorization bypass allows information disclosure and denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in etcd allows unauthorized users to bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients and etcd\u0027s built-in authentication is enabled. This can lead to information disclosure and denial of service. Typical Red Hat OpenShift Container Platform and Kubernetes deployments are not affected, as the Kubernetes API server handles authentication and authorization independently of etcd\u0027s internal mechanisms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "RHBZ#2451728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451728"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33413",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33413"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg"
}
],
"release_date": "2026-03-26T13:36:10.919000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Restrict network access to etcd server ports to ensure only trusted components can establish connections. Implement strong client identity at the transport layer, such as mTLS, with tightly scoped client certificate distribution. This will limit unauthorized access to etcd functions.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "etcd: etcd: Authorization bypass allows information disclosure and denial of service"
},
{
"cve": "CVE-2026-33487",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-26T18:02:32.278778+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "RHBZ#2451814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc",
"url": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc"
}
],
"release_date": "2026-03-26T17:17:51.101000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
},
{
"cve": "CVE-2026-33813",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-21T20:01:02.224363+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "RHBZ#2460221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://go.dev/cl/759860",
"url": "https://go.dev/cl/759860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78407",
"url": "https://go.dev/issue/78407"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4961",
"url": "https://pkg.go.dev/vuln/GO-2026-4961"
}
],
"release_date": "2026-04-21T19:21:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing"
},
{
"cve": "CVE-2026-33997",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2026-03-31T03:01:29.529297+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453277"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon\u0027s privilege comparison logic, the system may incorrectly accept a plugin\u0027s requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An important flaw in Moby, an open-source container framework, allows for a privilege validation bypass during `docker plugin install`. This issue stems from an error in the daemon\u0027s privilege comparison logic, which could lead to unauthorized privilege escalation for installed plugins. Red Hat products that leverage Moby and allow Docker plugin installation are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "RHBZ#2453277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33997",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33997"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9",
"url": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9"
}
],
"release_date": "2026-03-31T01:36:51.404000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation"
},
{
"cve": "CVE-2026-34040",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"discovery_date": "2026-03-31T03:01:34.530713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system\u0027s integrity and confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moby: Moby: Authorization bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "RHBZ#2453278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2",
"url": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2"
}
],
"release_date": "2026-03-31T01:36:48.205000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moby: Moby: Authorization bypass vulnerability"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-40890",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-04-21T20:02:56.729456+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460245"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a \u0027\u003c\u0027 character not followed by a \u0027\u003e\u0027 character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw affecting Red Hat products that utilize the `github.com/gomarkdown/markdown` library. The vulnerability occurs when the `SmartypantsRenderer` processes specially crafted malformed Markdown input containing an unclosed \u0027\u003c\u0027 character, leading to an out-of-bounds read or application panic. A successful exploitation may lead the application using the library unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "RHBZ#2460245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460245"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778",
"url": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7",
"url": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7"
}
],
"release_date": "2026-04-21T19:51:53.237000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input"
},
{
"cve": "CVE-2026-41602",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:16.099816+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "RHBZ#2463407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/6",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/6"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:06.646000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation"
},
{
"cve": "CVE-2026-41603",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-04-28T10:01:29.782287+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463411"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "RHBZ#2463411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463411"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/7",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/7"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:40.564000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation"
},
{
"cve": "CVE-2026-41604",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:47.903741+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "RHBZ#2463416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41604",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41604"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/5",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:13.996000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41605",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:54.269412+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463418"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "RHBZ#2463418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41605"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/4",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/4"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:44.319000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability"
},
{
"cve": "CVE-2026-41606",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-04-28T10:01:19.136351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463408"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "RHBZ#2463408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463408"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/3",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/3"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:12.815000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion"
},
{
"cve": "CVE-2026-41607",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:33.022623+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463412"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "RHBZ#2463412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41607"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/2",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/2"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:48.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41636",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-04-28T10:01:03.992199+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463404"
}
],
"notes": [
{
"category": "description",
"text": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "RHBZ#2463404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:22:14.639000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion"
},
{
"cve": "CVE-2026-43869",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-05T08:00:56.417384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466660"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "RHBZ#2466660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466660"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r",
"url": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r"
}
],
"release_date": "2026-05-05T07:25:48.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation"
}
]
}
RHSA-2026:22423
Vulnerability from csaf_redhat - Published: 2026-06-02 07:42 - Updated: 2026-06-30 12:54Summary
Red Hat Security Advisory: Multicluster Global Hub 1.3.4 security update
Severity
Important
Notes
Topic: Multicluster Global Hub v1.3.4 general availability release images, which provide security fixes, bug fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details: Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Threats
Impact
Important
A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
5.9 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability.
8.3 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in github.com/jackc/pgx, a PostgreSQL driver for Go. This memory-safety vulnerability could allow an attacker to cause various impacts, such as denial of service (DoS) or potentially arbitrary code execution, by exploiting memory corruption issues. The exact method of exploitation and specific consequences would depend on the nature of the memory corruption.
8.3 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Threats
Impact
Important
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 | — |
Workaround
|
Threats
Impact
Important
References
139 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.3.4 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22423",
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21728",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32285",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33487",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33815",
"url": "https://access.redhat.com/security/cve/CVE-2026-33815"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33816",
"url": "https://access.redhat.com/security/cve/CVE-2026-33816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41602",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41603",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41604",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41605",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41606",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41607",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41636",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43869",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22423.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.3.4 security update",
"tracking": {
"current_release_date": "2026-06-30T12:54:02+00:00",
"generator": {
"date": "2026-06-30T12:54:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:22423",
"initial_release_date": "2026-06-02T07:42:09+00:00",
"revision_history": [
{
"date": "2026-06-02T07:42:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T07:42:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T12:54:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.3.4",
"product": {
"name": "Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779212259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779210675"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779210608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3Aa1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle\u0026tag=1779925031"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Adebed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779209992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779924243"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779212259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779210675"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Ae8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779210608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Adced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779209992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779924243"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779212259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779210675"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779210608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779209992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779924243"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779212259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779210675"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779210608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779209992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Ad5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779924243"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64 as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64 as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64 as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64 as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64 as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64 as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64 as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64 as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64 as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64 as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64 as a component of Multicluster Global Hub 1.3.4",
"product_id": "Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T09:00:58.144273+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461395"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana/tempo: Tempo: Denial of Service via large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "RHBZ#2461395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://grafana.com/security/security-advisories/cve-2026-21728",
"url": "https://grafana.com/security/security-advisories/cve-2026-21728"
}
],
"release_date": "2026-04-24T08:00:47.074000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana/tempo: Tempo: Denial of Service via large queries"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32285",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:54.925687+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "RHBZ#2451846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://github.com/buger/jsonparser/issues/275",
"url": "https://github.com/buger/jsonparser/issues/275"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4514",
"url": "https://github.com/golang/vulndb/issues/4514"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4514",
"url": "https://pkg.go.dev/vuln/GO-2026-4514"
}
],
"release_date": "2026-03-26T19:40:51.837000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33487",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-26T18:02:32.278778+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "RHBZ#2451814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc",
"url": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc"
}
],
"release_date": "2026-03-26T17:17:51.101000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue"
},
{
"cve": "CVE-2026-33815",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-04-07T16:01:25.130006+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455975"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33815"
},
{
"category": "external",
"summary": "RHBZ#2455975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455975"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33815",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33815"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4771",
"url": "https://pkg.go.dev/vuln/GO-2026-4771"
}
],
"release_date": "2026-04-07T15:19:24.344000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability"
},
{
"cve": "CVE-2026-33816",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-04-07T16:01:14.142946+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455972"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/jackc/pgx, a PostgreSQL driver for Go. This memory-safety vulnerability could allow an attacker to cause various impacts, such as denial of service (DoS) or potentially arbitrary code execution, by exploiting memory corruption issues. The exact method of exploitation and specific consequences would depend on the nature of the memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33816"
},
{
"category": "external",
"summary": "RHBZ#2455972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33816"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4772",
"url": "https://pkg.go.dev/vuln/GO-2026-4772"
}
],
"release_date": "2026-04-07T15:19:24.529000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-41602",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:16.099816+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "RHBZ#2463407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/6",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/6"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:06.646000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation"
},
{
"cve": "CVE-2026-41603",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-04-28T10:01:29.782287+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463411"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "RHBZ#2463411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463411"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/7",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/7"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:40.564000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation"
},
{
"cve": "CVE-2026-41604",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:47.903741+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "RHBZ#2463416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41604",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41604"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/5",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:13.996000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41605",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:54.269412+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463418"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "RHBZ#2463418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41605"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/4",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/4"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:44.319000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability"
},
{
"cve": "CVE-2026-41606",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-04-28T10:01:19.136351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463408"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "RHBZ#2463408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463408"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/3",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/3"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:12.815000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion"
},
{
"cve": "CVE-2026-41607",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:33.022623+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463412"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "RHBZ#2463412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41607"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/2",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/2"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:48.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41636",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-04-28T10:01:03.992199+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463404"
}
],
"notes": [
{
"category": "description",
"text": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "RHBZ#2463404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:22:14.639000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion"
},
{
"cve": "CVE-2026-43869",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-05T08:00:56.417384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466660"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "RHBZ#2466660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466660"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r",
"url": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r"
}
],
"release_date": "2026-05-05T07:25:48.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T07:42:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:031c9b259f062e07131ae61ad1b354b9362e768fe14bdd1794754e83424f4a20_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:03b18d051be128024f03df408069e5ad2346a2799115a4e13ad7cb394daabe3b_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6fb8506afd2e5f295305dc044e86a3059c1c91052715079388f2ea54a746fb38_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:823597446afec693451e47ebf73fd61d625e6fc327970340d4226b26a71f4707_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:1128dffb3133bd5dc86dd3e4d74d807aa3567acf7d9eaf8c94cb522efb2c39ec_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:61e24ffe7c4bf801e8ca4650befe3e6bc99235f31445d76d790bab3026ead0ff_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:830a5fffea2982f059927ae3eb9dbe474a4d830175395e1dd32800d08304bc22_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9db7d9dc19cb6cf1392ea70441d1eb98535f9cfeb478230156ab11f556657b02_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7a1cd2f61dfac63ccec20638eed4ad39b8a3a0d5d78bd68345885af030a1af0b_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:7b3abb4db8da02cb6c51b78fa7b8ee19cf0f9640902a5925a7bc2c41d6d25d69_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:9ba27f8af737cbe4eb46bf62cdb56e4582ed15640046cf741a062a9702c83a32_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e8d3ee3bc0d99e38df6c617793c517be7261cce2855926a53ab10b42e989bdfd_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:a1d22f270c8e8b6fdb8324bf13b116382c0364058f28ba043128b93772ff33d3_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:0d265ad57e771cf3403b59e030e8e47e4c439c0d300721944ba8ca89ed8d0817_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:2e19aabfe25fff53230af0e6236eb19ca44004f47e1ebfe9add5acf9ba3ba525_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9438798cc9dfaf0d93675dd5a6cf1162ff8025f49ab162374e74dffa67f4c1ee_amd64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d5ebd2285f925a5d6efb9bf712ee41aa45dc4cce7ff50a0aca83da5155d4aa8c_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2b952d5fb1960f40a3f05b351f958829b3a61a31fce495a3af751a063929889d_arm64",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:324b21e3ef94225610d57090e1e05617ae46f4fc536bdcec5d3975c5fc44bb6e_s390x",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:dced1f854c7f823c247d35ac265da3994d5dda70fa4829ec91fa49295966c84f_ppc64le",
"Multicluster Global Hub 1.3.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:debed0fd65dfd3106368fbdad8a3730888c73ffca97a009054a0f2a64bd6ef8c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation"
}
]
}
RHSA-2026:22450
Vulnerability from csaf_redhat - Published: 2026-06-02 11:22 - Updated: 2026-06-30 12:54Summary
Red Hat Security Advisory: osbuild-composer security update
Severity
Important
Notes
Topic: An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.
Security Fix(es):
* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
* crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137)
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message (CVE-2026-4427,GHSA-jqcq-xjh3-6g23)
* google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)
* github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server (CVE-2026-32286)
* github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)
* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
No description is available for this CVE.
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
89 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137)\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message (CVE-2026-4427,GHSA-jqcq-xjh3-6g23)\n\n* google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)\n\n* github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server (CVE-2026-32286)\n\n* github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)\n\n* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22450",
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "2448626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448626"
},
{
"category": "external",
"summary": "2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "RHEL-179244",
"url": "https://issues.redhat.com/browse/RHEL-179244"
},
{
"category": "external",
"summary": "RHEL-180005",
"url": "https://issues.redhat.com/browse/RHEL-180005"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22450.json"
}
],
"title": "Red Hat Security Advisory: osbuild-composer security update",
"tracking": {
"current_release_date": "2026-06-30T12:54:05+00:00",
"generator": {
"date": "2026-06-30T12:54:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:22450",
"initial_release_date": "2026-06-02T11:22:13+00:00",
"revision_history": [
{
"date": "2026-06-02T11:22:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T11:22:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T12:54:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el10_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el10_2.src",
"product": {
"name": "osbuild-composer-0:165.1-2.el10_2.src",
"product_id": "osbuild-composer-0:165.1-2.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el10_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el10_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el10_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-core-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el10_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src"
},
"product_reference": "osbuild-composer-0:165.1-2.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:22465
Vulnerability from csaf_redhat - Published: 2026-06-02 13:10 - Updated: 2026-06-30 12:54Summary
Red Hat Security Advisory: Red Hat Quay 3.17.2
Severity
Important
Notes
Topic: Red Hat Quay 3.17.2 is now available with bug fixes.
Details: Quay 3.17.2
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
7.0 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
No description is available for this CVE.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Moderate
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
7.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
References
171 references
Acknowledgments
Antony Di Scala
Michael Whale
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.17.2 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.17.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22465",
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32589",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32590",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33747",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33894",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40192",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22465.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.17.2",
"tracking": {
"current_release_date": "2026-06-30T12:54:06+00:00",
"generator": {
"date": "2026-06-30T12:54:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:22465",
"initial_release_date": "2026-06-02T13:10:36+00:00",
"revision_history": [
{
"date": "2026-06-02T13:10:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T13:10:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T12:54:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.17",
"product": {
"name": "Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.17::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1778601504"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel9\u0026tag=1778599991"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1778601553"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel9\u0026tag=1778599998"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778600428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3Ae2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel9\u0026tag=1778599977"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Ac38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel9\u0026tag=1778600005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1779929597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Aeb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel9\u0026tag=1778839890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1779922205"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ab3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel9\u0026tag=1778599991"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel9\u0026tag=1778599998"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778600428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel9\u0026tag=1778599977"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a?arch=arm64\u0026repository_url=registry.redhat.io/quay/clair-rhel9\u0026tag=1778600005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ace7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel9\u0026tag=1778839890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Aa24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1779922205"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ad59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel9\u0026tag=1778599991"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Ab6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel9\u0026tag=1778599998"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Af932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778600428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel9\u0026tag=1778599977"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel9\u0026tag=1778600005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel9\u0026tag=1778839890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1779922205"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ae1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel9\u0026tag=1778599991"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel9\u0026tag=1778599998"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778600428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel9\u0026tag=1778599977"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel9\u0026tag=1778600005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ad05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel9\u0026tag=1778839890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1779922205"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32589",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-03-12T14:43:07.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: insecure direct object reference in BlobUpload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials to the Quay registry. Unauthenticated users cannot exploit this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "RHBZ#2446963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32589",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: insecure direct object reference in BlobUpload"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32590",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-03-12T14:43:11.443000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: remote code execution using pickle deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "RHBZ#2446964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32590",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mirror-registry: remote code execution using pickle deserialization"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33747",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T02:01:29.921765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452076"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "RHBZ#2452076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33747",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33747"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"
}
],
"release_date": "2026-03-27T00:49:06.165000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid using untrusted BuildKit frontends. Restrict the use of custom BuildKit frontends to only those from verified and trusted sources. Do not specify untrusted frontends via `#syntax` or `--build-arg BUILDKIT_SYNTAX`.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend"
},
{
"cve": "CVE-2026-33894",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-27T21:02:52.462999+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "RHBZ#2452464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"category": "external",
"summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc8017.html",
"url": "https://www.rfc-editor.org/rfc/rfc8017.html"
}
],
"release_date": "2026-03-27T20:45:49.583000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-40192",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-04-16T00:00:49.590876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "RHBZ#2458856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
"url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9521",
"url": "https://github.com/python-pillow/Pillow/pull/9521"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
}
],
"release_date": "2026-04-15T22:53:56.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:22629
Vulnerability from csaf_redhat - Published: 2026-06-02 18:16 - Updated: 2026-06-30 12:54Summary
Red Hat Security Advisory: Red Hat Quay 3.12.18
Severity
Important
Notes
Topic: Red Hat Quay 3.12.18 is now available with bug fixes.
Details: Quay 3.12.18
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
7.0 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Threats
Impact
Important
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Threats
Impact
Important
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
7.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 | — |
Workaround
|
Threats
Impact
Important
References
121 references
Acknowledgments
Antony Di Scala
Michael Whale
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.18 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.18",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22629",
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2377",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32589",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32590",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33894",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40192",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22629.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.18",
"tracking": {
"current_release_date": "2026-06-30T12:54:09+00:00",
"generator": {
"date": "2026-06-30T12:54:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:22629",
"initial_release_date": "2026-06-02T18:16:29+00:00",
"revision_history": [
{
"date": "2026-06-02T18:16:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T18:16:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T12:54:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Ad91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1779202442"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1779201814"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Abfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1779212764"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ae289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1779212189"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1779202203"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1779201784"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1779201791"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1779841290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1779201803"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779811412"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1779201814"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1779212189"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1779201784"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e?arch=arm64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1779201791"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1779201803"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779811412"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1779201814"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1779212189"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1779201784"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ab59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1779201791"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1779201803"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779811412"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ae6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1779201814"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Acfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1779212189"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1779201784"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1779201791"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1779201803"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Af88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779811412"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-2377",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-02-11T21:02:44.495000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439201"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application\u0027s internal network, potentially leading to the disclosure of sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to the intended and supported use case of Openshift Mirror Registry, deployment in an offline or network-isolated environment, the impact for this product has been downgraded to `Moderate`.\n\nEven in case of compromise, the blast radius is restricted to mirror-registry. It can not be escalated outside the core product. This vulnerability has been scored based on the lack of change of scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "RHBZ#2439201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2377"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377"
}
],
"release_date": "2026-04-08T16:18:10.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32589",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-03-12T14:43:07.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: insecure direct object reference in BlobUpload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials to the Quay registry. Unauthenticated users cannot exploit this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "RHBZ#2446963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32589",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: insecure direct object reference in BlobUpload"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32590",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-03-12T14:43:11.443000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: remote code execution using pickle deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "RHBZ#2446964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32590",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mirror-registry: remote code execution using pickle deserialization"
},
{
"cve": "CVE-2026-33894",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-27T21:02:52.462999+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "RHBZ#2452464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"category": "external",
"summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc8017.html",
"url": "https://www.rfc-editor.org/rfc/rfc8017.html"
}
],
"release_date": "2026-03-27T20:45:49.583000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-40192",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-04-16T00:00:49.590876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "RHBZ#2458856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
"url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9521",
"url": "https://github.com/python-pillow/Pillow/pull/9521"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
}
],
"release_date": "2026-04-15T22:53:56.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:16:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:029c3754ef9adb693785cbb90855eac14da6ff7319b581e06fa80a319b4b397f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:37b54107d51f1aa0aa0bfd02e5373bc5c17fe98521b4a065126fe76a9b5d4a8f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8e1fcc9086776db526a1b2fcbb7c068d71e82eef7098b7df0f72d6a7995bcd7e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:b59d8c379e69debc315b9cad3e155ff2a6e458426b76bb1b6d86e2cf08c56557_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:bfae5410144f3a5b76847634efb9d78407591df98e67f639796e212a4739128b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:034737d3954911f9371c0422ef1b204ba00546d53febfe55ee704e0df2b57682_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cfebea8a32ebeec3963d3b41f8161fd65f698c20d1ffa1f03c630d776c612c93_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e289bf320046335ecf1d032c3add538a539b0f8ded8bca56d0a3c4655f712720_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ec3dc9f6eb57ec9dca9ef4c61d3671f2cca32910ca5c7cc37e2f8e1159594fcc_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6530ab268b54cf9a6cd2166dc89ae86b7e908a4ed26301440f69a6ca7af4a4e9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:002bb098e96b7521e2a9ecc5aac3c4a488d46cd34b10297bde34875101b8d6bc_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:34885b92ee88d400d16f1bc86452d418c79b2f979136614b3887cec67fa353d5_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c0fde56c49356b322ce15194f8da85ea16cd2a7a80a6c8e7d38b94e22cc6e8a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8745cd1c93673e8b33cd80758d16b96f49f49d28fbfce60a069578cb17baa88c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d91c880570c005cb2edcb07d29f8df09504b65710dde2b0c95d17c139c92b777_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:27ab48d03362b795605f841ec15ac20b869e8bd6e69a783d9be7643f6af33a93_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5195314fca91a9531d77397274098564c8e3271f0a9f3adcc4b65b0dc8e2aa8b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:65750c25a337679bbecb7ff4e443df5df76f089ce27952203863d80710b15e06_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e6855bb1099a4bb1b0e53d7ee2359edd8f0b35eafd785eae32eeb7a9939eda72_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:9da58edb2793b2a2fe559fbf9764c251a1fc19a3062956f39e0f138ebb0efffd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:124bada0022d71ad1c20aba7350af8625eac26ef81f89154d22a5f7b8d74820e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:14aa439dcd023927e6d6f27d3695bf99cf0aabe11f4c86f767ef2186bd9b886c_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:9756cfa3d2ed7bcf1c680c9003e0ed90247c4cf8aac020d01ad927058b3b45e1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b228501a85e99cc3f3c6af1b8f927c72c5f779ef4db74e4706d2d46042800b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6e84443d520fc3f75352783c17e4262db596b6a7b194970f0cb276e52aa7cb26_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:80c3d7a1c4b60d82101d6ab598498977fd7e5e6c3a82be0c44afec6fb84cb45a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:c8de70845d1b044f955b1bcdab78ea997a665a9322b3fb8635602679292d8978_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f88e76824ab3d5d3b054bb79c33fc5bf8183238a8bf3e963d978437b0cfa2d69_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…