Action not permitted
Modal body text goes here.
cve-2022-21681
Vulnerability from cvelistv5
Published
2022-01-14 00:00
Modified
2024-08-03 02:46
Severity ?
EPSS score ?
Summary
Exponential catastrophic backtracking (ReDoS) in marked
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5"
},
{
"name": "FEDORA-2022-784d729f30",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "marked",
"vendor": "markedjs",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-08T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj"
},
{
"url": "https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5"
},
{
"name": "FEDORA-2022-784d729f30",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/"
}
],
"source": {
"advisory": "GHSA-5v2h-r2cx-5xgj",
"discovery": "UNKNOWN"
},
"title": "Exponential catastrophic backtracking (ReDoS) in marked"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21681",
"datePublished": "2022-01-14T00:00:00",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-03T02:46:39.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-21681\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-01-14T17:15:13.270\",\"lastModified\":\"2023-11-07T03:43:40.790\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.\"},{\"lang\":\"es\",\"value\":\"Marked es un analizador y compilador de markdown. En versiones anteriores a 4.0.10, la expresi\u00f3n regular \\\"inline.reflinkSearch\\\" pod\u00eda causar un retroceso catastr\u00f3fico contra algunas cadenas y conllevar a una denegaci\u00f3n de servicio (DoS). Cualquiera que ejecute markdown no confiable mediante una versi\u00f3n vulnerable de marked y no use un trabajador con l\u00edmite de tiempo puede verse afectado. Este problema est\u00e1 parcheado en la versi\u00f3n 4.0.10. Como medida de mitigaci\u00f3n, evite ejecutar markdown no confiable mediante marked o ejecute marked en un hilo de trabajo y establezca un l\u00edmite de tiempo razonable para evitar el agotamiento de los recursos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"},{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"4.0.10\",\"matchCriteriaId\":\"B83EAFAD-55C6-4F4C-BC5E-5238E85B4832\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/\",\"source\":\"security-advisories@github.com\"}]}}"
}
}
rhsa-2023_3642
Vulnerability from csaf_redhat
Published
2023-06-15 15:59
Modified
2024-11-06 03:12
Summary
Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update
Notes
Topic
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.
Security Fix(es):
* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* grafana: stored XSS vulnerability (CVE-2022-31097)
* grafana: OAuth account takeover (CVE-2022-31107)
* ramda: prototype poisoning (CVE-2021-42581)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)
* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* grafana: plugin signature bypass (CVE-2022-31123)
* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)
* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)
* grafana: using email as a username can block other users from signing in (CVE-2022-39229)
* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)
* grafana: User enumeration via forget password (CVE-2022-39307)
* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.\n\nSecurity Fix(es):\n\n* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* grafana: stored XSS vulnerability (CVE-2022-31097)\n\n* grafana: OAuth account takeover (CVE-2022-31107)\n\n* ramda: prototype poisoning (CVE-2021-42581)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)\n\n* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* grafana: plugin signature bypass (CVE-2022-31123)\n\n* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\n* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)\n\n* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)\n\n* grafana: using email as a username can block other users from signing in (CVE-2022-39229)\n\n* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)\n\n* grafana: User enumeration via forget password (CVE-2022-39307)\n\n* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3642",
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index"
},
{
"category": "external",
"summary": "2066563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2082705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
},
{
"category": "external",
"summary": "2082706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
},
{
"category": "external",
"summary": "2083778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2104365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
},
{
"category": "external",
"summary": "2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "2131146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
},
{
"category": "external",
"summary": "2131147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
},
{
"category": "external",
"summary": "2131148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
},
{
"category": "external",
"summary": "2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2138014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
},
{
"category": "external",
"summary": "2138015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
},
{
"category": "external",
"summary": "2148252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
},
{
"category": "external",
"summary": "2149181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
},
{
"category": "external",
"summary": "2168965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168965"
},
{
"category": "external",
"summary": "2174461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174461"
},
{
"category": "external",
"summary": "2174462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174462"
},
{
"category": "external",
"summary": "2186142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186142"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3642.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update",
"tracking": {
"current_release_date": "2024-11-06T03:12:03+00:00",
"generator": {
"date": "2024-11-06T03:12:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2023:3642",
"initial_release_date": "2023-06-15T15:59:41+00:00",
"revision_history": [
{
"date": "2023-06-15T15:59:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-15T15:59:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T03:12:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 6.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:6.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product_id": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product_id": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product": {
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product_id": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
},
"product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le"
},
"product_reference": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
"product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
"relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42581",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-05-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2083778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ramda: prototype poisoning",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are the application-ui container up to and including RHACM 2.4.4, 2.3.10 and 2.2.13 and grc-ui container up to and including RHACM 2.2.13 versions. However not any RHACM is affected in the kui-web-terminal container as is using already patched and not affected version, therefore we are not impacted in this particular component. In RHACM these components are behind OpenShift OAuth. This restricts access to the vulnerable ramda library to authenticated users only, therefore the impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42581"
},
{
"category": "external",
"summary": "RHBZ#2083778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581"
},
{
"category": "external",
"summary": "https://github.com/ramda/ramda/pull/3192",
"url": "https://github.com/ramda/ramda/pull/3192"
}
],
"release_date": "2022-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ramda: prototype poisoning"
},
{
"cve": "CVE-2022-1650",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085307"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eventsource: Exposure of Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1650"
},
{
"category": "external",
"summary": "RHBZ#2085307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eventsource: Exposure of Sensitive Information"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-21680",
"cwe": {
"id": "CWE-186",
"name": "Overly Restrictive Regular Expression"
},
"discovery_date": "2022-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2082705"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "marked: regular expression block.def may lead Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21680"
},
{
"category": "external",
"summary": "RHBZ#2082705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "marked: regular expression block.def may lead Denial of Service"
},
{
"cve": "CVE-2022-21681",
"cwe": {
"id": "CWE-186",
"name": "Overly Restrictive Regular Expression"
},
"discovery_date": "2022-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2082706"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "marked: regular expression inline.reflinkSearch may lead Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21681"
},
{
"category": "external",
"summary": "RHBZ#2082706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "marked: regular expression inline.reflinkSearch may lead Denial of Service"
},
{
"cve": "CVE-2022-23498",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167266"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session.` As a result, any user that queries a data source where the caching is enabled can acquire another user\u2019s session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Use of Cache Containing Sensitive Information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23498"
},
{
"category": "external",
"summary": "RHBZ#2167266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167266"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8"
}
],
"release_date": "2023-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "To mitigate the vulnerability, disable the data source query caching for all data sources.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: Use of Cache Containing Sensitive Information"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-26148",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"discovery_date": "2022-03-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066563"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in api_jsonrpc.php to discover the Zabbix account password and URL address.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26148"
},
{
"category": "external",
"summary": "RHBZ#2066563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148"
}
],
"release_date": "2022-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-31097",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-07-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2104365"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability was found in the Unified Alerting feature of Grafana. This stored XSS can elevate privileges from Editor to Admin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: stored XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31097"
},
{
"category": "external",
"summary": "RHBZ#2104365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f"
}
],
"release_date": "2022-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "Disable Unified alerting.\nhttps://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#unified_alerting",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: stored XSS vulnerability"
},
{
"acknowledgments": [
{
"names": [
"HTTPVoid team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-31107",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2022-07-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2104367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: OAuth account takeover",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31107"
},
{
"category": "external",
"summary": "RHBZ#2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31107"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
}
],
"release_date": "2022-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "workaround",
"details": "As a workaround, it is possible to disable any OAuth login or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: OAuth account takeover"
},
{
"cve": "CVE-2022-31123",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana web application, where it is possible to install plugins which are not digitally signed. An admin could install unsigned plugins, which may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: plugin signature bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31123"
},
{
"category": "external",
"summary": "RHBZ#2131147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31123"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: plugin signature bypass"
},
{
"cve": "CVE-2022-31130",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131146"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana\u0027s use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user\u0027s authentication token, which could be used by an attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31130"
},
{
"category": "external",
"summary": "RHBZ#2131146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31130"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
},
{
"cve": "CVE-2022-35957",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"discovery_date": "2022-09-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2125514"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with this front proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Escalation from admin to server admin when auth proxy is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-35957"
},
{
"category": "external",
"summary": "RHBZ#2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-35957",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35957"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Escalation from admin to server admin when auth proxy is used"
},
{
"cve": "CVE-2022-39201",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131148"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39201"
},
{
"category": "external",
"summary": "RHBZ#2131148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins"
},
{
"cve": "CVE-2022-39229",
"discovery_date": "2022-09-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131149"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email address access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: using email as a username can block other users from signing in",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39229"
},
{
"category": "external",
"summary": "RHBZ#2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: using email as a username can block other users from signing in"
},
{
"acknowledgments": [
{
"names": [
"Grafana Team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-39306",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2022-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138014"
}
],
"notes": [
{
"category": "description",
"text": "An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: email addresses and usernames cannot be trusted",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39306"
},
{
"category": "external",
"summary": "RHBZ#2138014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39306"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
"url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
}
],
"release_date": "2022-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: email addresses and usernames cannot be trusted"
},
{
"acknowledgments": [
{
"names": [
"Grafana Team"
]
}
],
"cve": "CVE-2022-39307",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138015"
}
],
"notes": [
{
"category": "description",
"text": "An information leak was discovered in Grafana. Remote unauthenticated users could exploit the forget password feature to discover which user accounts exist.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: User enumeration via forget password",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39307"
},
{
"category": "external",
"summary": "RHBZ#2138015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
"url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
}
],
"release_date": "2022-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: User enumeration via forget password"
},
{
"acknowledgments": [
{
"names": [
"Grafana Security Team"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-39324",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"discovery_date": "2022-11-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2148252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the \"Open original dashboard\" button.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Spoofing of the originalUrl parameter of snapshots",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Service Mesh containers include the Grafana RPM from RHEL and consume CVE fixes for Grafana from RHEL channels. The servicemesh-grafana RPM shipped in early versions of OpenShift Service Mesh 2.1 is no longer maintained.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39324"
},
{
"category": "external",
"summary": "RHBZ#2148252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/",
"url": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/"
}
],
"release_date": "2023-01-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Spoofing of the originalUrl parameter of snapshots"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41912",
"cwe": {
"id": "CWE-165",
"name": "Improper Neutralization of Multiple Internal Special Elements"
},
"discovery_date": "2022-11-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2149181"
}
],
"notes": [
{
"category": "description",
"text": "An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable compromising system integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the Red Hat Advanced Cluster Management for Kubernetes (RHACM) acm-grafana container include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nThe OCP grafana-container includes the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nWhile Red Hat Ceph Storage 4\u0027s grafana-container includes the affected code, this is used for logging and limits access to the rest of the Ceph cluster. Thus the impact has been reduced from critical to important. Red Hat Ceph Storage 3 and 4 do not use crewjam/saml in their version of grafana.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"known_not_affected": [
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41912"
},
{
"category": "external",
"summary": "RHBZ#2149181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912"
},
{
"category": "external",
"summary": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g",
"url": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:59:41+00:00",
"details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
"product_ids": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
"9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements"
}
]
}
gsd-2022-21681
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-21681",
"description": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.",
"id": "GSD-2022-21681"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-21681"
],
"details": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.",
"id": "GSD-2022-21681",
"modified": "2023-12-13T01:19:14.101468Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21681",
"STATE": "PUBLIC",
"TITLE": "Exponential catastrophic backtracking (ReDoS) in marked"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "marked",
"version": {
"version_data": [
{
"version_value": "\u003c 4.0.10"
}
]
}
}
]
},
"vendor_name": "markedjs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj",
"refsource": "CONFIRM",
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj"
},
{
"name": "https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5",
"refsource": "MISC",
"url": "https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5"
},
{
"name": "FEDORA-2022-784d729f30",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/"
}
]
},
"source": {
"advisory": "GHSA-5v2h-r2cx-5xgj",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c4.0.10",
"affected_versions": "All versions before 4.0.10",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-1333",
"CWE-937"
],
"date": "2023-07-24",
"description": "The regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.",
"fixed_versions": [
"4.0.10"
],
"identifier": "CVE-2022-21681",
"identifiers": [
"CVE-2022-21681",
"GHSA-5v2h-r2cx-5xgj"
],
"not_impacted": "All versions starting from 4.0.10",
"package_slug": "npm/marked",
"pubdate": "2022-01-14",
"solution": "Upgrade to version 4.0.10 or above.",
"title": "Inefficient Regular Expression Complexity",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-21681",
"https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj",
"https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5"
],
"uuid": "e5de98e5-782b-44f7-b968-ecb291ddf745"
},
{
"affected_range": "(,4.0.10)",
"affected_versions": "All versions before 4.0.10",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-1333",
"CWE-937"
],
"date": "2023-07-24",
"description": "The regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.",
"fixed_versions": [],
"identifier": "CVE-2022-21681",
"identifiers": [
"CVE-2022-21681",
"GHSA-5v2h-r2cx-5xgj"
],
"not_impacted": "",
"package_slug": "nuget/marked",
"pubdate": "2022-01-14",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Inefficient Regular Expression Complexity",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-21681",
"https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj",
"https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5"
],
"uuid": "d98ae759-f44a-4d86-bb3b-29dabadb3b71"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21681"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj"
},
{
"name": "https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5"
},
{
"name": "FEDORA-2022-784d729f30",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-07-24T13:54Z",
"publishedDate": "2022-01-14T17:15Z"
}
}
}
wid-sec-w-2023-0426
Vulnerability from csaf_certbund
Published
2022-03-13 23:00
Modified
2023-02-19 23:00
Summary
IBM Spectrum Protect: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Spectrum Protect ist eine zentralisierte Backuplösung für Systeme im Netzwerk.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Spectrum Protect ausnutzen, um einen 'Denial of Service'-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen, einen 'Cross-Site-Scripting'-Angriff durchzuführen, beliebigen Code auszuführen, sensible Informationen offenzulegen und seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Spectrum Protect ist eine zentralisierte Backupl\u00f6sung f\u00fcr Systeme im Netzwerk.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Spectrum Protect ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, sensible Informationen offenzulegen und seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0426 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0426.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0426 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0426"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6956658 vom 2023-02-18",
"url": "https://www.ibm.com/support/pages/node/6956658"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562989"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562383"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562401"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562919"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562873"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562843"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-03-13",
"url": "https://www.ibm.com/support/pages/node/6562405"
}
],
"source_lang": "en-US",
"title": "IBM Spectrum Protect: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-02-19T23:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:15:00.381+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-0426",
"initial_release_date": "2022-03-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-03-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-02-19T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Maximo Asset Management 7.6.1.2",
"product": {
"name": "IBM Maximo Asset Management 7.6.1.2",
"product_id": "T026420",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.2"
}
}
},
{
"category": "product_name",
"name": "IBM Maximo Asset Management 7.6.1.3",
"product": {
"name": "IBM Maximo Asset Management 7.6.1.3",
"product_id": "T026421",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.3"
}
}
}
],
"category": "product_name",
"name": "Maximo Asset Management"
},
{
"category": "product_name",
"name": "IBM Spectrum Protect",
"product": {
"name": "IBM Spectrum Protect",
"product_id": "T013661",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20373",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-20373"
},
{
"cve": "CVE-2021-23222",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-23222"
},
{
"cve": "CVE-2021-23727",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-23727"
},
{
"cve": "CVE-2021-29678",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-29678"
},
{
"cve": "CVE-2021-33026",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-33026"
},
{
"cve": "CVE-2021-35517",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-35517"
},
{
"cve": "CVE-2021-35578",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-35578"
},
{
"cve": "CVE-2021-36090",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-36090"
},
{
"cve": "CVE-2021-38926",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-38926"
},
{
"cve": "CVE-2021-38931",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-38931"
},
{
"cve": "CVE-2021-39002",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-39002"
},
{
"cve": "CVE-2021-4034",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-4034"
},
{
"cve": "CVE-2021-41617",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-41617"
},
{
"cve": "CVE-2021-44716",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2021-44717",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2021-44717"
},
{
"cve": "CVE-2022-0235",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2022-0235"
},
{
"cve": "CVE-2022-0391",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2022-0391"
},
{
"cve": "CVE-2022-21680",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2022-21680"
},
{
"cve": "CVE-2022-21681",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2022-21681"
},
{
"cve": "CVE-2022-22346",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2022-22346"
},
{
"cve": "CVE-2022-22348",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2022-22348"
},
{
"cve": "CVE-2022-22354",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2022-22354"
},
{
"cve": "CVE-2022-23772",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"notes": [
{
"category": "description",
"text": "In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten PostgreSQL, Apache Commons Compress, Operations Center, Celery, Golang Go, Python, Db2, Java SE, Polkit, Node.js, OpenSSH und Flask. Ein entfernter anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen \u0027Cross-Site-Scripting\u0027-Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T013661",
"T026421",
"T026420"
]
},
"release_date": "2022-03-13T23:00:00Z",
"title": "CVE-2022-23806"
}
]
}
ghsa-5v2h-r2cx-5xgj
Vulnerability from github
Published
2022-01-14 21:04
Modified
2022-01-14 19:57
Severity ?
Summary
Inefficient Regular Expression Complexity in marked
Details
Impact
What kind of vulnerability is it?
Denial of service.
The regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings.
PoC is the following.
```javascript import * as marked from 'marked';
console.log(marked.parse(`[x]: x
\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\\; ```
Who is impacted?
Anyone who runs untrusted markdown through marked and does not use a worker with a time limit.
Patches
Has the problem been patched?
Yes
What versions should users upgrade to?
4.0.10
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Do not run untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
References
Are there any links users can visit to find out more?
- https://marked.js.org/using_advanced#workers
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
For more information
If you have any questions or comments about this advisory:
- Open an issue in marked
{
"affected": [
{
"ecosystem_specific": {
"affected_functions": [
"(marked).parse"
]
},
"package": {
"ecosystem": "npm",
"name": "marked"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-21681"
],
"database_specific": {
"cwe_ids": [
"CWE-1333"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-14T19:57:17Z",
"nvd_published_at": "2022-01-14T17:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\n_What kind of vulnerability is it?_\n\nDenial of service.\n\nThe regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings.\nPoC is the following.\n\n```javascript\nimport * as marked from \u0027marked\u0027;\n\nconsole.log(marked.parse(`[x]: x\n\n\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](`));\n```\n\n_Who is impacted?_\n\nAnyone who runs untrusted markdown through marked and does not use a worker with a time limit.\n\n### Patches\n\n_Has the problem been patched?_\n\nYes\n\n_What versions should users upgrade to?_\n\n4.0.10\n\n### Workarounds\n\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nDo not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.\n\n### References\n\n_Are there any links users can visit to find out more?_\n\n- https://marked.js.org/using_advanced#workers\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [marked](https://github.com/markedjs/marked)\n",
"id": "GHSA-5v2h-r2cx-5xgj",
"modified": "2022-01-14T19:57:17Z",
"published": "2022-01-14T21:04:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681"
},
{
"type": "WEB",
"url": "https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5"
},
{
"type": "WEB",
"url": "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0"
},
{
"type": "PACKAGE",
"url": "https://github.com/markedjs/marked"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Inefficient Regular Expression Complexity in marked"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.