Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-21680 (GCVE-0-2022-21680)
Vulnerability from cvelistv5 – Published: 2022-01-14 00:00 – Updated: 2025-04-22 18:33
VLAI?
EPSS
Summary
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Severity ?
7.5 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/markedjs/marked/releases/tag/v4.0.10"
},
{
"name": "FEDORA-2022-784d729f30",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21680",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:42:24.798116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:33:37.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "marked",
"vendor": "markedjs",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-08T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf"
},
{
"url": "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0"
},
{
"url": "https://github.com/markedjs/marked/releases/tag/v4.0.10"
},
{
"name": "FEDORA-2022-784d729f30",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/"
}
],
"source": {
"advisory": "GHSA-rrrm-qjm4-v8hf",
"discovery": "UNKNOWN"
},
"title": "Cubic catastrophic backtracking (ReDoS) in marked"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21680",
"datePublished": "2022-01-14T00:00:00.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:33:37.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"4.0.10\", \"matchCriteriaId\": \"B83EAFAD-55C6-4F4C-BC5E-5238E85B4832\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.\"}, {\"lang\": \"es\", \"value\": \"Marked es un analizador y compilador de markdown. En versiones anteriores a 4.0.10, la expresi\\u00f3n regular \\\"block.def\\\" pod\\u00eda causar un retroceso catastr\\u00f3fico contra algunas cadenas y conllevar a una denegaci\\u00f3n de servicio por expresi\\u00f3n regular (ReDoS). Cualquiera que ejecute markdown no confiable mediante una versi\\u00f3n vulnerable de marked y no use un trabajador con l\\u00edmite de tiempo puede verse afectado. Este problema est\\u00e1 parcheado en la versi\\u00f3n 4.0.10. Como medida de mitigaci\\u00f3n, evite ejecutar markdown no confiable mediante marked o ejecute marked en un hilo de trabajo y establezca un l\\u00edmite de tiempo razonable para evitar el agotamiento de los recursos\"}]",
"id": "CVE-2022-21680",
"lastModified": "2024-11-21T06:45:13.070",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-01-14T17:15:13.210",
"references": "[{\"url\": \"https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/markedjs/marked/releases/tag/v4.0.10\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/markedjs/marked/releases/tag/v4.0.10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}, {\"lang\": \"en\", \"value\": \"CWE-1333\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1333\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-21680\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-01-14T17:15:13.210\",\"lastModified\":\"2024-11-21T06:45:13.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.\"},{\"lang\":\"es\",\"value\":\"Marked es un analizador y compilador de markdown. En versiones anteriores a 4.0.10, la expresi\u00f3n regular \\\"block.def\\\" pod\u00eda causar un retroceso catastr\u00f3fico contra algunas cadenas y conllevar a una denegaci\u00f3n de servicio por expresi\u00f3n regular (ReDoS). Cualquiera que ejecute markdown no confiable mediante una versi\u00f3n vulnerable de marked y no use un trabajador con l\u00edmite de tiempo puede verse afectado. Este problema est\u00e1 parcheado en la versi\u00f3n 4.0.10. Como medida de mitigaci\u00f3n, evite ejecutar markdown no confiable mediante marked o ejecute marked en un hilo de trabajo y establezca un l\u00edmite de tiempo razonable para evitar el agotamiento de los recursos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-1333\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"4.0.10\",\"matchCriteriaId\":\"B83EAFAD-55C6-4F4C-BC5E-5238E85B4832\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/markedjs/marked/releases/tag/v4.0.10\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/markedjs/marked/releases/tag/v4.0.10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2023-AVI-0362
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité, une atteinte à la confidentialité des données, une élévation de privilèges, un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.2.x antérieures à 8.2.1.17 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.4.1 IF1 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.5.x antérieures à 8.5.0.7 ou 8.5.2.3 ou 8.5.4.0 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.4.x antérieures à 8.4.0.10 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 FP7 | ||
| IBM | N/A | IBM Cognos Analytics on Cloud Pak for Data versions 4.0.x antérieures à 4.6.5 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.3.x antérieures à 8.3.1.9 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Virtualize versions 8.2.x ant\u00e9rieures \u00e0 8.2.1.17",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4.1 IF1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.5.x ant\u00e9rieures \u00e0 8.5.0.7 ou 8.5.2.3 ou 8.5.4.0",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.4.x ant\u00e9rieures \u00e0 8.4.0.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 FP7",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics on Cloud Pak for Data versions 4.0.x ant\u00e9rieures \u00e0 4.6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.3.x ant\u00e9rieures \u00e0 8.3.1.9",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2022-43887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43887"
},
{
"name": "CVE-2021-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2022-24434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24434"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2021-3516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2022-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
},
{
"name": "CVE-2023-30441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30441"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2020-7789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7789"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2022-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43883"
},
{
"name": "CVE-2022-39160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39160"
},
{
"name": "CVE-2022-34165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
},
{
"name": "CVE-2021-39036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39036"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2022-32223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2022-38708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38708"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0362",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6986505 du 05 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6986505"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6988147 du 05 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6988147"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6987769 du 02 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6987769"
}
]
}
CERTFR-2022-AVI-239
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.15 | ||
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Client Management Service versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Operations Center versions 8.1.x antérieures à 8.1.14 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x antérieures à 4.0.1 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus File Systems Agent versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.14 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Copy Data Management versions 2.2.x ant\u00e9rieures \u00e0 2.2.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client Management Service versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Operations Center versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2021-39002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39002"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-38926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38926"
},
{
"name": "CVE-2021-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23222"
},
{
"name": "CVE-2021-29678",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29678"
},
{
"name": "CVE-2020-35508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35508"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2021-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23214"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2021-38951",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38951"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2021-23727",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23727"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-38931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38931"
},
{
"name": "CVE-2021-3139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3139"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2021-20373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20373"
},
{
"name": "CVE-2020-15436",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2021-33026",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33026"
},
{
"name": "CVE-2020-14323",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14323"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2020-35513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35513"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-239",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562471 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562471"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562895 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562895"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6445699 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6445699"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562401 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562401"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562843 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562843"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562849 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562849"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562873 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562873"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562383 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562383"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562405 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562405"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562919 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562919"
}
]
}
CERTFR-2025-AVI-0021
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.14 | ||
| IBM | Spectrum | Spectrum Control versions 5.4.x antérieures à 5.4.13 | ||
| IBM | Spectrum | Spectrum Protect Plus versions 10.1.x antérieures à 10.1.6.4 pour Linux | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x sans les derniers correctifs de sécurité | ||
| IBM | QRadar | QRadar Analyst Workflow versions antérieures à 2.34.0 | ||
| IBM | Db2 | Db2 Big SQL versions antérieures à 7.4.2 pour Cloud Pak for Data |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.14",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Control versions 5.4.x ant\u00e9rieures \u00e0 5.4.13 ",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.6.4 pour Linux",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x sans les derniers correctifs de s\u00e9curit\u00e9 ",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 2.34.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 7.4.2 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2023-52471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52471"
},
{
"name": "CVE-2024-36889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
},
{
"name": "CVE-2015-2156",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2156"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2024-26614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
},
{
"name": "CVE-2022-25869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25869"
},
{
"name": "CVE-2024-9355",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9355"
},
{
"name": "CVE-2023-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26116"
},
{
"name": "CVE-2024-26595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26595"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-26586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
},
{
"name": "CVE-2024-26638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26638"
},
{
"name": "CVE-2024-47831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
},
{
"name": "CVE-2020-7238",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7238"
},
{
"name": "CVE-2021-46939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
},
{
"name": "CVE-2021-32036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32036"
},
{
"name": "CVE-2024-26802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
},
{
"name": "CVE-2024-36883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
},
{
"name": "CVE-2024-26665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26665"
},
{
"name": "CVE-2024-40960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
},
{
"name": "CVE-2024-40997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2024-26645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2024-40972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2021-32040",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32040"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-40974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2023-26117",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26117"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-52486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
},
{
"name": "CVE-2014-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0193"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2024-39502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2024-26929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
},
{
"name": "CVE-2019-14863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14863"
},
{
"name": "CVE-2023-52683",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52683"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-35944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35944"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-52469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
},
{
"name": "CVE-2024-35809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35809"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2023-52809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
},
{
"name": "CVE-2023-52451",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
},
{
"name": "CVE-2024-39472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-40998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40998"
},
{
"name": "CVE-2022-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
},
{
"name": "CVE-2023-52470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2020-7676",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7676"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2023-26118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2023-52730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52730"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
},
{
"name": "CVE-2024-40901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
},
{
"name": "CVE-2021-47321",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47321"
},
{
"name": "CVE-2024-26640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2024-47874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-27019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2024-41076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2019-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10768"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2024-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26717"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
},
{
"name": "CVE-2023-52476",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
},
{
"name": "CVE-2023-52463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2023-52530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
},
{
"name": "CVE-2024-36000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
},
{
"name": "CVE-2024-26855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0021",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180462",
"url": "https://www.ibm.com/support/pages/node/7180462"
},
{
"published_at": "2025-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180361",
"url": "https://www.ibm.com/support/pages/node/7180361"
},
{
"published_at": "2025-01-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180282",
"url": "https://www.ibm.com/support/pages/node/7180282"
},
{
"published_at": "2025-01-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180314",
"url": "https://www.ibm.com/support/pages/node/7180314"
},
{
"published_at": "2025-01-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180450",
"url": "https://www.ibm.com/support/pages/node/7180450"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180545",
"url": "https://www.ibm.com/support/pages/node/7180545"
}
]
}
CERTFR-2025-AVI-0021
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.14 | ||
| IBM | Spectrum | Spectrum Control versions 5.4.x antérieures à 5.4.13 | ||
| IBM | Spectrum | Spectrum Protect Plus versions 10.1.x antérieures à 10.1.6.4 pour Linux | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x sans les derniers correctifs de sécurité | ||
| IBM | QRadar | QRadar Analyst Workflow versions antérieures à 2.34.0 | ||
| IBM | Db2 | Db2 Big SQL versions antérieures à 7.4.2 pour Cloud Pak for Data |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.14",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Control versions 5.4.x ant\u00e9rieures \u00e0 5.4.13 ",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.6.4 pour Linux",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x sans les derniers correctifs de s\u00e9curit\u00e9 ",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 2.34.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 7.4.2 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2023-52471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52471"
},
{
"name": "CVE-2024-36889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
},
{
"name": "CVE-2015-2156",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2156"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2024-26614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
},
{
"name": "CVE-2022-25869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25869"
},
{
"name": "CVE-2024-9355",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9355"
},
{
"name": "CVE-2023-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26116"
},
{
"name": "CVE-2024-26595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26595"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-26586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
},
{
"name": "CVE-2024-26638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26638"
},
{
"name": "CVE-2024-47831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
},
{
"name": "CVE-2020-7238",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7238"
},
{
"name": "CVE-2021-46939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
},
{
"name": "CVE-2021-32036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32036"
},
{
"name": "CVE-2024-26802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
},
{
"name": "CVE-2024-36883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
},
{
"name": "CVE-2024-26665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26665"
},
{
"name": "CVE-2024-40960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
},
{
"name": "CVE-2024-40997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2024-26645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2024-40972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2021-32040",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32040"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-40974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2023-26117",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26117"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-52486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
},
{
"name": "CVE-2014-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0193"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2024-39502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2024-26929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
},
{
"name": "CVE-2019-14863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14863"
},
{
"name": "CVE-2023-52683",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52683"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-35944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35944"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-52469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
},
{
"name": "CVE-2024-35809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35809"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2023-52809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
},
{
"name": "CVE-2023-52451",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
},
{
"name": "CVE-2024-39472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-40998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40998"
},
{
"name": "CVE-2022-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
},
{
"name": "CVE-2023-52470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2020-7676",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7676"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2023-26118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2023-52730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52730"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
},
{
"name": "CVE-2024-40901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
},
{
"name": "CVE-2021-47321",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47321"
},
{
"name": "CVE-2024-26640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2024-47874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-27019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2024-41076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2019-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10768"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2024-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26717"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
},
{
"name": "CVE-2023-52476",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
},
{
"name": "CVE-2023-52463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2023-52530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
},
{
"name": "CVE-2024-36000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
},
{
"name": "CVE-2024-26855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0021",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180462",
"url": "https://www.ibm.com/support/pages/node/7180462"
},
{
"published_at": "2025-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180361",
"url": "https://www.ibm.com/support/pages/node/7180361"
},
{
"published_at": "2025-01-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180282",
"url": "https://www.ibm.com/support/pages/node/7180282"
},
{
"published_at": "2025-01-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180314",
"url": "https://www.ibm.com/support/pages/node/7180314"
},
{
"published_at": "2025-01-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180450",
"url": "https://www.ibm.com/support/pages/node/7180450"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180545",
"url": "https://www.ibm.com/support/pages/node/7180545"
}
]
}
CERTFR-2022-AVI-239
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.15 | ||
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Client Management Service versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Operations Center versions 8.1.x antérieures à 8.1.14 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x antérieures à 4.0.1 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus File Systems Agent versions 10.1.x antérieures à 10.1.10 | ||
| IBM | Spectrum | IBM Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.14 | ||
| IBM | Spectrum | IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.14 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Copy Data Management versions 2.2.x ant\u00e9rieures \u00e0 2.2.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client Management Service versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Operations Center versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2021-39002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39002"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-38926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38926"
},
{
"name": "CVE-2021-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23222"
},
{
"name": "CVE-2021-29678",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29678"
},
{
"name": "CVE-2020-35508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35508"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2021-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23214"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2021-38951",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38951"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2021-23727",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23727"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-38931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38931"
},
{
"name": "CVE-2021-3139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3139"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2021-20373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20373"
},
{
"name": "CVE-2020-15436",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2021-33026",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33026"
},
{
"name": "CVE-2020-14323",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14323"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2020-35513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35513"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-239",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562471 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562471"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562895 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562895"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6445699 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6445699"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562401 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562401"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562843 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562843"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562849 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562849"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562873 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562873"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562383 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562383"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562405 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562405"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6562919 du 11 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6562919"
}
]
}
CERTFR-2023-AVI-0362
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité, une atteinte à la confidentialité des données, une élévation de privilèges, un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.2.x antérieures à 8.2.1.17 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.4.1 IF1 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.5.x antérieures à 8.5.0.7 ou 8.5.2.3 ou 8.5.4.0 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.4.x antérieures à 8.4.0.10 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 FP7 | ||
| IBM | N/A | IBM Cognos Analytics on Cloud Pak for Data versions 4.0.x antérieures à 4.6.5 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.3.x antérieures à 8.3.1.9 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Virtualize versions 8.2.x ant\u00e9rieures \u00e0 8.2.1.17",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4.1 IF1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.5.x ant\u00e9rieures \u00e0 8.5.0.7 ou 8.5.2.3 ou 8.5.4.0",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.4.x ant\u00e9rieures \u00e0 8.4.0.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 FP7",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics on Cloud Pak for Data versions 4.0.x ant\u00e9rieures \u00e0 4.6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.3.x ant\u00e9rieures \u00e0 8.3.1.9",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2022-43887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43887"
},
{
"name": "CVE-2021-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2022-24434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24434"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2021-3516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2022-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
},
{
"name": "CVE-2023-30441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30441"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2020-7789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7789"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2022-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43883"
},
{
"name": "CVE-2022-39160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39160"
},
{
"name": "CVE-2022-34165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
},
{
"name": "CVE-2021-39036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39036"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2022-32223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2022-38708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38708"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0362",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6986505 du 05 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6986505"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6988147 du 05 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6988147"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6987769 du 02 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6987769"
}
]
}
GSD-2022-21680
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-21680",
"description": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.",
"id": "GSD-2022-21680"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-21680"
],
"details": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.",
"id": "GSD-2022-21680",
"modified": "2023-12-13T01:19:15.090864Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21680",
"STATE": "PUBLIC",
"TITLE": "Cubic catastrophic backtracking (ReDoS) in marked"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "marked",
"version": {
"version_data": [
{
"version_value": "\u003c 4.0.10"
}
]
}
}
]
},
"vendor_name": "markedjs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf",
"refsource": "CONFIRM",
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf"
},
{
"name": "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0",
"refsource": "MISC",
"url": "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0"
},
{
"name": "https://github.com/markedjs/marked/releases/tag/v4.0.10",
"refsource": "MISC",
"url": "https://github.com/markedjs/marked/releases/tag/v4.0.10"
},
{
"name": "FEDORA-2022-784d729f30",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/"
}
]
},
"source": {
"advisory": "GHSA-rrrm-qjm4-v8hf",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c4.0.10",
"affected_versions": "All versions before 4.0.10",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-1333",
"CWE-937"
],
"date": "2023-07-24",
"description": "The regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.",
"fixed_versions": [
"4.0.10"
],
"identifier": "CVE-2022-21680",
"identifiers": [
"CVE-2022-21680",
"GHSA-rrrm-qjm4-v8hf"
],
"not_impacted": "All versions starting from 4.0.10",
"package_slug": "npm/marked",
"pubdate": "2022-01-14",
"solution": "Upgrade to version 4.0.10 or above.",
"title": "Inefficient Regular Expression Complexity",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-21680",
"https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf",
"https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0",
"https://github.com/markedjs/marked/releases/tag/v4.0.10"
],
"uuid": "dc02f221-a495-47d1-9841-0b4dbd4a2ba3"
},
{
"affected_range": "(,4.0.10)",
"affected_versions": "All versions before 4.0.10",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-1333",
"CWE-937"
],
"date": "2023-07-24",
"description": "The regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.",
"fixed_versions": [],
"identifier": "CVE-2022-21680",
"identifiers": [
"CVE-2022-21680",
"GHSA-rrrm-qjm4-v8hf"
],
"not_impacted": "",
"package_slug": "nuget/marked",
"pubdate": "2022-01-14",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Inefficient Regular Expression Complexity",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-21680",
"https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf",
"https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0",
"https://github.com/markedjs/marked/releases/tag/v4.0.10"
],
"uuid": "e0542de9-c6f6-4abc-bde5-d6c3c1737e4b"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21680"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf"
},
{
"name": "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0"
},
{
"name": "https://github.com/markedjs/marked/releases/tag/v4.0.10",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/markedjs/marked/releases/tag/v4.0.10"
},
{
"name": "FEDORA-2022-784d729f30",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-07-24T13:54Z",
"publishedDate": "2022-01-14T17:15Z"
}
}
}
RHSA-2023_3642
Vulnerability from csaf_redhat - Published: 2023-06-15 15:59 - Updated: 2024-12-17 22:21Summary
Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update
Notes
Topic
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.
Security Fix(es):
* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* grafana: stored XSS vulnerability (CVE-2022-31097)
* grafana: OAuth account takeover (CVE-2022-31107)
* ramda: prototype poisoning (CVE-2021-42581)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)
* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* grafana: plugin signature bypass (CVE-2022-31123)
* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)
* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)
* grafana: using email as a username can block other users from signing in (CVE-2022-39229)
* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)
* grafana: User enumeration via forget password (CVE-2022-39307)
* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.\n\nSecurity Fix(es):\n\n* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* grafana: stored XSS vulnerability (CVE-2022-31097)\n\n* grafana: OAuth account takeover (CVE-2022-31107)\n\n* ramda: prototype poisoning (CVE-2021-42581)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)\n\n* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* grafana: plugin signature bypass (CVE-2022-31123)\n\n* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\n* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)\n\n* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)\n\n* grafana: using email as a username can block other users from signing in (CVE-2022-39229)\n\n* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)\n\n* grafana: User enumeration via forget password (CVE-2022-39307)\n\n* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3642",
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index"
},
{
"category": "external",
"summary": "2066563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2082705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
},
{
"category": "external",
"summary": "2082706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
},
{
"category": "external",
"summary": "2083778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2104365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
},
{
"category": "external",
"summary": "2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "2131146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
},
{
"category": "external",
"summary": "2131147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
},
{
"category": "external",
"summary": "2131148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
},
{
"category": "external",
"summary": "2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2138014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
},
{
"category": "external",
"summary": "2138015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
},
{
"category": "external",
"summary": "2148252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
},
{
"category": "external",
"summary": "2149181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
},
{
"category": "external",
"summary": "2168965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168965"
},
{
"category": "external",
"summary": "2174461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174461"
},
{
"category": "external",
"summary": "2174462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174462"
},
{
"category": "external",
"summary": "2186142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186142"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3642.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update",
"tracking": {
"current_release_date": "2024-12-17T22:21:21+00:00",
"generator": {
"date": "2024-12-17T22:21:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:3642",
"initial_release_date": "2023-06-15T15:59:41+00:00",
"revision_history": [
{
"date": "2023-06-15T15:59:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-15T15:59:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:21:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 6.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:6.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product_id": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product_id": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product_id": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42581",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-05-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2083778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ramda: prototype poisoning",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are the application-ui container up to and including RHACM 2.4.4, 2.3.10 and 2.2.13 and grc-ui container up to and including RHACM 2.2.13 versions. However not any RHACM is affected in the kui-web-terminal container as is using already patched and not affected version, therefore we are not impacted in this particular component. In RHACM these components are behind OpenShift OAuth. This restricts access to the vulnerable ramda library to authenticated users only, therefore the impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42581"
},
{
"category": "external",
"summary": "RHBZ#2083778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581"
},
{
"category": "external",
"summary": "https://github.com/ramda/ramda/pull/3192",
"url": "https://github.com/ramda/ramda/pull/3192"
}
],
"release_date": "2022-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ramda: prototype poisoning"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-21680",
"cwe": {
"id": "CWE-186",
"name": "Overly Restrictive Regular Expression"
},
"discovery_date": "2022-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2082705"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "marked: regular expression block.def may lead Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21680"
},
{
"category": "external",
"summary": "RHBZ#2082705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "marked: regular expression block.def may lead Denial of Service"
},
{
"cve": "CVE-2022-21681",
"cwe": {
"id": "CWE-186",
"name": "Overly Restrictive Regular Expression"
},
"discovery_date": "2022-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2082706"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "marked: regular expression inline.reflinkSearch may lead Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21681"
},
{
"category": "external",
"summary": "RHBZ#2082706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "marked: regular expression inline.reflinkSearch may lead Denial of Service"
},
{
"cve": "CVE-2022-23498",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167266"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session.` As a result, any user that queries a data source where the caching is enabled can acquire another user\u2019s session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Use of Cache Containing Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23498"
},
{
"category": "external",
"summary": "RHBZ#2167266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167266"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8"
}
],
"release_date": "2023-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "To mitigate the vulnerability, disable the data source query caching for all data sources.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: Use of Cache Containing Sensitive Information"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-26148",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"discovery_date": "2022-03-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066563"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in api_jsonrpc.php to discover the Zabbix account password and URL address.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26148"
},
{
"category": "external",
"summary": "RHBZ#2066563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148"
}
],
"release_date": "2022-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-31097",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-07-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2104365"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability was found in the Unified Alerting feature of Grafana. This stored XSS can elevate privileges from Editor to Admin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: stored XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31097"
},
{
"category": "external",
"summary": "RHBZ#2104365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f"
}
],
"release_date": "2022-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Disable Unified alerting.\nhttps://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#unified_alerting",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: stored XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"HTTPVoid team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-31107",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2022-07-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2104367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: OAuth account takeover",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31107"
},
{
"category": "external",
"summary": "RHBZ#2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31107"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
}
],
"release_date": "2022-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "As a workaround, it is possible to disable any OAuth login or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: OAuth account takeover"
},
{
"cve": "CVE-2022-31123",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana web application, where it is possible to install plugins which are not digitally signed. An admin could install unsigned plugins, which may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: plugin signature bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31123"
},
{
"category": "external",
"summary": "RHBZ#2131147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31123"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: plugin signature bypass"
},
{
"cve": "CVE-2022-31130",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131146"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana\u0027s use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user\u0027s authentication token, which could be used by an attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31130"
},
{
"category": "external",
"summary": "RHBZ#2131146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31130"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
},
{
"cve": "CVE-2022-35957",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"discovery_date": "2022-09-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2125514"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with this front proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Escalation from admin to server admin when auth proxy is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-35957"
},
{
"category": "external",
"summary": "RHBZ#2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-35957",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35957"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Escalation from admin to server admin when auth proxy is used"
},
{
"cve": "CVE-2022-39201",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131148"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39201"
},
{
"category": "external",
"summary": "RHBZ#2131148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins"
},
{
"cve": "CVE-2022-39229",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131149"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email address access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: using email as a username can block other users from signing in",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39229"
},
{
"category": "external",
"summary": "RHBZ#2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: using email as a username can block other users from signing in"
},
{
"acknowledgments": [
{
"names": [
"Grafana Team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-39306",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2022-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138014"
}
],
"notes": [
{
"category": "description",
"text": "An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: email addresses and usernames cannot be trusted",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39306"
},
{
"category": "external",
"summary": "RHBZ#2138014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39306"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
"url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
}
],
"release_date": "2022-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: email addresses and usernames cannot be trusted"
},
{
"acknowledgments": [
{
"names": [
"Grafana Team"
]
}
],
"cve": "CVE-2022-39307",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138015"
}
],
"notes": [
{
"category": "description",
"text": "An information leak was discovered in Grafana. Remote unauthenticated users could exploit the forget password feature to discover which user accounts exist.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: User enumeration via forget password",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39307"
},
{
"category": "external",
"summary": "RHBZ#2138015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
"url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
}
],
"release_date": "2022-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: User enumeration via forget password"
},
{
"acknowledgments": [
{
"names": [
"Grafana Security Team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-39324",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"discovery_date": "2022-11-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2148252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the \"Open original dashboard\" button.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Spoofing of the originalUrl parameter of snapshots",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Service Mesh containers include the Grafana RPM from RHEL and consume CVE fixes for Grafana from RHEL channels. The servicemesh-grafana RPM shipped in early versions of OpenShift Service Mesh 2.1 is no longer maintained.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39324"
},
{
"category": "external",
"summary": "RHBZ#2148252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/",
"url": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/"
}
],
"release_date": "2023-01-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Spoofing of the originalUrl parameter of snapshots"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41912",
"cwe": {
"id": "CWE-165",
"name": "Improper Neutralization of Multiple Internal Special Elements"
},
"discovery_date": "2022-11-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2149181"
}
],
"notes": [
{
"category": "description",
"text": "An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable compromising system integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the Red Hat Advanced Cluster Management for Kubernetes (RHACM) acm-grafana container include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nThe OCP grafana-container includes the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nWhile Red Hat Ceph Storage 4\u0027s grafana-container includes the affected code, this is used for logging and limits access to the rest of the Ceph cluster. Thus the impact has been reduced from critical to important. Red Hat Ceph Storage 3 and 4 do not use crewjam/saml in their version of grafana.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41912"
},
{
"category": "external",
"summary": "RHBZ#2149181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912"
},
{
"category": "external",
"summary": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g",
"url": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements"
}
]
}
RHSA-2023:3642
Vulnerability from csaf_redhat - Published: 2023-06-15 15:59 - Updated: 2025-12-04 05:09Summary
Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update
Notes
Topic
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.
Security Fix(es):
* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* grafana: stored XSS vulnerability (CVE-2022-31097)
* grafana: OAuth account takeover (CVE-2022-31107)
* ramda: prototype poisoning (CVE-2021-42581)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)
* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* grafana: plugin signature bypass (CVE-2022-31123)
* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)
* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)
* grafana: using email as a username can block other users from signing in (CVE-2022-39229)
* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)
* grafana: User enumeration via forget password (CVE-2022-39307)
* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.\n\nSecurity Fix(es):\n\n* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* grafana: stored XSS vulnerability (CVE-2022-31097)\n\n* grafana: OAuth account takeover (CVE-2022-31107)\n\n* ramda: prototype poisoning (CVE-2021-42581)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)\n\n* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* grafana: plugin signature bypass (CVE-2022-31123)\n\n* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\n* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)\n\n* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)\n\n* grafana: using email as a username can block other users from signing in (CVE-2022-39229)\n\n* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)\n\n* grafana: User enumeration via forget password (CVE-2022-39307)\n\n* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3642",
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index"
},
{
"category": "external",
"summary": "2066563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2082705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
},
{
"category": "external",
"summary": "2082706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
},
{
"category": "external",
"summary": "2083778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2104365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
},
{
"category": "external",
"summary": "2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "2131146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
},
{
"category": "external",
"summary": "2131147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
},
{
"category": "external",
"summary": "2131148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
},
{
"category": "external",
"summary": "2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2138014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
},
{
"category": "external",
"summary": "2138015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
},
{
"category": "external",
"summary": "2148252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
},
{
"category": "external",
"summary": "2149181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
},
{
"category": "external",
"summary": "2168965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168965"
},
{
"category": "external",
"summary": "2174461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174461"
},
{
"category": "external",
"summary": "2174462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174462"
},
{
"category": "external",
"summary": "2186142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186142"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3642.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update",
"tracking": {
"current_release_date": "2025-12-04T05:09:04+00:00",
"generator": {
"date": "2025-12-04T05:09:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2023:3642",
"initial_release_date": "2023-06-15T15:59:41+00:00",
"revision_history": [
{
"date": "2023-06-15T15:59:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-15T15:59:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-04T05:09:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 6.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:6.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product_id": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product_id": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product_id": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42581",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-05-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2083778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ramda: prototype poisoning",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are the application-ui container up to and including RHACM 2.4.4, 2.3.10 and 2.2.13 and grc-ui container up to and including RHACM 2.2.13 versions. However not any RHACM is affected in the kui-web-terminal container as is using already patched and not affected version, therefore we are not impacted in this particular component. In RHACM these components are behind OpenShift OAuth. This restricts access to the vulnerable ramda library to authenticated users only, therefore the impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42581"
},
{
"category": "external",
"summary": "RHBZ#2083778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581"
},
{
"category": "external",
"summary": "https://github.com/ramda/ramda/pull/3192",
"url": "https://github.com/ramda/ramda/pull/3192"
}
],
"release_date": "2022-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ramda: prototype poisoning"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-21680",
"cwe": {
"id": "CWE-186",
"name": "Overly Restrictive Regular Expression"
},
"discovery_date": "2022-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2082705"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "marked: regular expression block.def may lead Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21680"
},
{
"category": "external",
"summary": "RHBZ#2082705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "marked: regular expression block.def may lead Denial of Service"
},
{
"cve": "CVE-2022-21681",
"cwe": {
"id": "CWE-186",
"name": "Overly Restrictive Regular Expression"
},
"discovery_date": "2022-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2082706"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "marked: regular expression inline.reflinkSearch may lead Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21681"
},
{
"category": "external",
"summary": "RHBZ#2082706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "marked: regular expression inline.reflinkSearch may lead Denial of Service"
},
{
"cve": "CVE-2022-23498",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167266"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session.` As a result, any user that queries a data source where the caching is enabled can acquire another user\u2019s session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Use of Cache Containing Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23498"
},
{
"category": "external",
"summary": "RHBZ#2167266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167266"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8"
}
],
"release_date": "2023-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "To mitigate the vulnerability, disable the data source query caching for all data sources.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: Use of Cache Containing Sensitive Information"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat follows best practice and federal requirements for least privilege, allowing only specific processes to be run with isolated accounts specific to the team and federal platforms that have limited privileges that are only used for a single task. The environment leverages file integrity checks and malicious code protections, such as IPS/IDS and antimalware solutions, to help detect and prevent malicious code that attempts to exploit buffer overflow vulnerabilities. Robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-26148",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"discovery_date": "2022-03-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066563"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in api_jsonrpc.php to discover the Zabbix account password and URL address.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26148"
},
{
"category": "external",
"summary": "RHBZ#2066563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148"
}
],
"release_date": "2022-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-31097",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-07-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2104365"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability was found in the Unified Alerting feature of Grafana. This stored XSS can elevate privileges from Editor to Admin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: stored XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31097"
},
{
"category": "external",
"summary": "RHBZ#2104365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f"
}
],
"release_date": "2022-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Disable Unified alerting.\nhttps://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#unified_alerting",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: stored XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"HTTPVoid team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-31107",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2022-07-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2104367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: OAuth account takeover",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31107"
},
{
"category": "external",
"summary": "RHBZ#2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31107"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
}
],
"release_date": "2022-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "As a workaround, it is possible to disable any OAuth login or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: OAuth account takeover"
},
{
"cve": "CVE-2022-31123",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana web application, where it is possible to install plugins which are not digitally signed. An admin could install unsigned plugins, which may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: plugin signature bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31123"
},
{
"category": "external",
"summary": "RHBZ#2131147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31123"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: plugin signature bypass"
},
{
"cve": "CVE-2022-31130",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131146"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana\u0027s use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user\u0027s authentication token, which could be used by an attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31130"
},
{
"category": "external",
"summary": "RHBZ#2131146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31130"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with account management controls, including integration with single sign-on (SSO), to ensure that user permissions are restricted to only the functions necessary for their roles. Access to sensitive information is explicitly authorized and enforced based on predefined access policies. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, which helps identify patterns of unauthorized access or data exposure. The platform enforces the use of validated cryptographic modules across compute resources to protect the confidentiality of information, even in the event of interception.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
},
{
"cve": "CVE-2022-35957",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"discovery_date": "2022-09-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2125514"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with this front proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Escalation from admin to server admin when auth proxy is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-35957"
},
{
"category": "external",
"summary": "RHBZ#2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-35957",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35957"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Escalation from admin to server admin when auth proxy is used"
},
{
"cve": "CVE-2022-39201",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131148"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39201"
},
{
"category": "external",
"summary": "RHBZ#2131148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins"
},
{
"cve": "CVE-2022-39229",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131149"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email address access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: using email as a username can block other users from signing in",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39229"
},
{
"category": "external",
"summary": "RHBZ#2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: using email as a username can block other users from signing in"
},
{
"acknowledgments": [
{
"names": [
"Grafana Team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-39306",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2022-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138014"
}
],
"notes": [
{
"category": "description",
"text": "An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: email addresses and usernames cannot be trusted",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39306"
},
{
"category": "external",
"summary": "RHBZ#2138014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39306"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
"url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
}
],
"release_date": "2022-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: email addresses and usernames cannot be trusted"
},
{
"acknowledgments": [
{
"names": [
"Grafana Team"
]
}
],
"cve": "CVE-2022-39307",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138015"
}
],
"notes": [
{
"category": "description",
"text": "An information leak was discovered in Grafana. Remote unauthenticated users could exploit the forget password feature to discover which user accounts exist.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: User enumeration via forget password",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39307"
},
{
"category": "external",
"summary": "RHBZ#2138015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
"url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
}
],
"release_date": "2022-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: User enumeration via forget password"
},
{
"acknowledgments": [
{
"names": [
"Grafana Security Team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-39324",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"discovery_date": "2022-11-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2148252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the \"Open original dashboard\" button.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Spoofing of the originalUrl parameter of snapshots",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Service Mesh containers include the Grafana RPM from RHEL and consume CVE fixes for Grafana from RHEL channels. The servicemesh-grafana RPM shipped in early versions of OpenShift Service Mesh 2.1 is no longer maintained.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39324"
},
{
"category": "external",
"summary": "RHBZ#2148252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/",
"url": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/"
}
],
"release_date": "2023-01-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Spoofing of the originalUrl parameter of snapshots"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41912",
"cwe": {
"id": "CWE-165",
"name": "Improper Neutralization of Multiple Internal Special Elements"
},
"discovery_date": "2022-11-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2149181"
}
],
"notes": [
{
"category": "description",
"text": "An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable compromising system integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the Red Hat Advanced Cluster Management for Kubernetes (RHACM) acm-grafana container include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nThe OCP grafana-container includes the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nWhile Red Hat Ceph Storage 4\u0027s grafana-container includes the affected code, this is used for logging and limits access to the rest of the Ceph cluster. Thus the impact has been reduced from critical to important. Red Hat Ceph Storage 3 and 4 do not use crewjam/saml in their version of grafana.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41912"
},
{
"category": "external",
"summary": "RHBZ#2149181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912"
},
{
"category": "external",
"summary": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g",
"url": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements"
}
]
}
CNVD-2022-15958
Vulnerability from cnvd - Published: 2022-03-02
VLAI Severity ?
Title
marked拒绝服务漏洞(CNVD-2022-15958)
Description
marked是一款使用JavaScript编写的Markdown解析器和编译器。
marked存在安全漏洞,攻击者可利用漏洞导致正则表达式拒绝服务 (ReDoS)。
Severity
中
Formal description
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: https://github.com/markedjs/marked/releases/tag/v4.0.10
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-21680
Impacted products
| Name | Marked marked 4.0.10 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-21680"
}
},
"description": "marked\u662f\u4e00\u6b3e\u4f7f\u7528JavaScript\u7f16\u5199\u7684Markdown\u89e3\u6790\u5668\u548c\u7f16\u8bd1\u5668\u3002\n\nmarked\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u6b63\u5219\u8868\u8fbe\u5f0f\u62d2\u7edd\u670d\u52a1 (ReDoS)\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://github.com/markedjs/marked/releases/tag/v4.0.10",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-15958",
"openTime": "2022-03-02",
"products": {
"product": "Marked marked 4.0.10"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680",
"serverity": "\u4e2d",
"submitTime": "2022-01-18",
"title": "marked\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2022-15958\uff09"
}
WID-SEC-W-2023-0426
Vulnerability from csaf_certbund - Published: 2022-03-13 23:00 - Updated: 2025-01-06 23:00Summary
IBM Spectrum Protect: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Spectrum Protect ist eine zentralisierte Backuplösung für Systeme im Netzwerk.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Spectrum Protect ausnutzen, um einen 'Denial of Service'-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen, einen 'Cross-Site-Scripting'-Angriff durchzuführen, beliebigen Code auszuführen, sensible Informationen offenzulegen und seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Spectrum Protect ist eine zentralisierte Backupl\u00f6sung f\u00fcr Systeme im Netzwerk.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Spectrum Protect ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, sensible Informationen offenzulegen und seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0426 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0426.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0426 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0426"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562989"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562383"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562401"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562919"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562873"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562843"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562405"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6956658 vom 2023-02-18",
"url": "https://www.ibm.com/support/pages/node/6956658"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7180361 vom 2025-01-07",
"url": "https://www.ibm.com/support/pages/node/7180361"
}
],
"source_lang": "en-US",
"title": "IBM Spectrum Protect: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-01-06T23:00:00.000+00:00",
"generator": {
"date": "2025-01-07T11:48:17.558+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2023-0426",
"initial_release_date": "2022-03-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-03-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-02-19T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-06T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.6.1.2",
"product": {
"name": "IBM Maximo Asset Management 7.6.1.2",
"product_id": "T026420",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.2"
}
}
},
{
"category": "product_version",
"name": "7.6.1.3",
"product": {
"name": "IBM Maximo Asset Management 7.6.1.3",
"product_id": "T026421",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.3"
}
}
}
],
"category": "product_name",
"name": "Maximo Asset Management"
},
{
"category": "product_name",
"name": "IBM Spectrum Protect",
"product": {
"name": "IBM Spectrum Protect",
"product_id": "T013661",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.6.4",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.6.4",
"product_id": "T040030"
}
},
{
"category": "product_version",
"name": "10.1.6.4",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.6.4",
"product_id": "T040030-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.6.4"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20373",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-20373"
},
{
"cve": "CVE-2021-23222",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-23222"
},
{
"cve": "CVE-2021-23727",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-23727"
},
{
"cve": "CVE-2021-29678",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-29678"
},
{
"cve": "CVE-2021-33026",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-33026"
},
{
"cve": "CVE-2021-35517",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-35517"
},
{
"cve": "CVE-2021-35578",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-35578"
},
{
"cve": "CVE-2021-36090",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-36090"
},
{
"cve": "CVE-2021-38926",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-38926"
},
{
"cve": "CVE-2021-38931",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-38931"
},
{
"cve": "CVE-2021-39002",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-39002"
},
{
"cve": "CVE-2021-4034",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-4034"
},
{
"cve": "CVE-2021-41617",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-41617"
},
{
"cve": "CVE-2021-44716",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2021-44717",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-44717"
},
{
"cve": "CVE-2022-0235",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2022-0235"
},
{
"cve": "CVE-2022-0391",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2022-0391"
},
{
"cve": "CVE-2022-21680",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2022-21680"
},
{
"cve": "CVE-2022-21681",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2022-21681"
},
{
"cve": "CVE-2022-22346",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2022-22346"
},
{
"cve": "CVE-2022-22348",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2022-22348"
},
{
"cve": "CVE-2022-22354",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2022-22354"
},
{
"cve": "CVE-2022-23772",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T040030",
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2022-23806"
}
]
}
FKIE_CVE-2022-21680
Vulnerability from fkie_nvd - Published: 2022-01-14 17:15 - Updated: 2024-11-21 06:45
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| marked_project | marked | * | |
| fedoraproject | fedora | 36 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "B83EAFAD-55C6-4F4C-BC5E-5238E85B4832",
"versionEndExcluding": "4.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources."
},
{
"lang": "es",
"value": "Marked es un analizador y compilador de markdown. En versiones anteriores a 4.0.10, la expresi\u00f3n regular \"block.def\" pod\u00eda causar un retroceso catastr\u00f3fico contra algunas cadenas y conllevar a una denegaci\u00f3n de servicio por expresi\u00f3n regular (ReDoS). Cualquiera que ejecute markdown no confiable mediante una versi\u00f3n vulnerable de marked y no use un trabajador con l\u00edmite de tiempo puede verse afectado. Este problema est\u00e1 parcheado en la versi\u00f3n 4.0.10. Como medida de mitigaci\u00f3n, evite ejecutar markdown no confiable mediante marked o ejecute marked en un hilo de trabajo y establezca un l\u00edmite de tiempo razonable para evitar el agotamiento de los recursos"
}
],
"id": "CVE-2022-21680",
"lastModified": "2024-11-21T06:45:13.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-14T17:15:13.210",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/markedjs/marked/releases/tag/v4.0.10"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/markedjs/marked/releases/tag/v4.0.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-RRRM-QJM4-V8HF
Vulnerability from github – Published: 2022-01-14 21:04 – Updated: 2022-01-14 19:56
VLAI?
Summary
Inefficient Regular Expression Complexity in marked
Details
Impact
What kind of vulnerability is it?
Denial of service.
The regular expression block.def may cause catastrophic backtracking against some strings.
PoC is the following.
import * as marked from "marked";
marked.parse(`[x]:${' '.repeat(1500)}x ${' '.repeat(1500)} x`);
Who is impacted?
Anyone who runs untrusted markdown through marked and does not use a worker with a time limit.
Patches
Has the problem been patched?
Yes
What versions should users upgrade to?
4.0.10
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Do not run untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
References
Are there any links users can visit to find out more?
- https://marked.js.org/using_advanced#workers
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
For more information
If you have any questions or comments about this advisory:
- Open an issue in marked
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "marked"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-21680"
],
"database_specific": {
"cwe_ids": [
"CWE-1333",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-14T19:56:20Z",
"nvd_published_at": "2022-01-14T17:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\n_What kind of vulnerability is it?_\n\nDenial of service.\n\nThe regular expression `block.def` may cause catastrophic backtracking against some strings.\nPoC is the following.\n\n```javascript\nimport * as marked from \"marked\";\n\nmarked.parse(`[x]:${\u0027 \u0027.repeat(1500)}x ${\u0027 \u0027.repeat(1500)} x`);\n```\n\n_Who is impacted?_\n\nAnyone who runs untrusted markdown through marked and does not use a worker with a time limit.\n\n### Patches\n\n_Has the problem been patched?_\n\nYes\n\n_What versions should users upgrade to?_\n\n4.0.10\n\n### Workarounds\n\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nDo not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.\n\n### References\n\n_Are there any links users can visit to find out more?_\n\n- https://marked.js.org/using_advanced#workers\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [marked](https://github.com/markedjs/marked)\n",
"id": "GHSA-rrrm-qjm4-v8hf",
"modified": "2022-01-14T19:56:20Z",
"published": "2022-01-14T21:04:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680"
},
{
"type": "WEB",
"url": "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0"
},
{
"type": "PACKAGE",
"url": "https://github.com/markedjs/marked"
},
{
"type": "WEB",
"url": "https://github.com/markedjs/marked/releases/tag/v4.0.10"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Inefficient Regular Expression Complexity in marked"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…