Action not permitted
Modal body text goes here.
cve-2023-26144
Vulnerability from cvelistv5
Published
2023-09-20 05:00
Modified
2024-09-24 20:32
Severity ?
EPSS score ?
Summary
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
**Note:** It was not proven that this vulnerability can crash the process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| report@snyk.io | https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226 | Patch | |
| report@snyk.io | https://github.com/graphql/graphql-js/issues/3955 | Exploit, Issue Tracking, Third Party Advisory | |
| report@snyk.io | https://github.com/graphql/graphql-js/pull/3972 | Product | |
| report@snyk.io | https://github.com/graphql/graphql-js/releases/tag/v16.8.1 | Release Notes | |
| report@snyk.io | https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26144",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T20:32:04.245711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:32:17.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "graphql",
"vendor": "n/a",
"versions": [
{
"lessThan": "16.8.1",
"status": "affected",
"version": "16.3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tadhg Lewis"
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T05:00:02.129Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
},
{
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2023-26144",
"datePublished": "2023-09-20T05:00:02.129Z",
"dateReserved": "2023-02-20T10:28:48.928Z",
"dateUpdated": "2024-09-24T20:32:17.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-26144\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2023-09-20T05:15:39.923\",\"lastModified\":\"2023-11-07T04:09:27.820\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\\r\\r**Note:** It was not proven that this vulnerability can crash the process.\"},{\"lang\":\"es\",\"value\":\"Las versiones del paquete graphql desde 16.3.0 y anteriores a 16.8.1 son vulnerables a la Denegaci\u00f3n de Servicio (DoS) debido a comprobaciones insuficientes en el archivo OverlappingFieldsCanBeMergedRule.ts al analizar consultas grandes. Esta vulnerabilidad permite a un atacante degradar el rendimiento del sistema. **Nota:** No se ha demostrado que esta vulnerabilidad pueda bloquear el proceso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:graphql:graphql:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"16.3.0\",\"versionEndExcluding\":\"16.8.1\",\"matchCriteriaId\":\"F350F09D-E2EC-454B-AE86-D1685AFDD9D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:graphql:graphql:17.0.0:alpha1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"37819AB7-A406-4FC1-BB34-C949848AF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:graphql:graphql:17.0.0:alpha2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"17EC77C2-6B00-4742-A98E-08874B982117\"}]}]}],\"references\":[{\"url\":\"https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/graphql/graphql-js/issues/3955\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/graphql/graphql-js/pull/3972\",\"source\":\"report@snyk.io\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/graphql/graphql-js/releases/tag/v16.8.1\",\"source\":\"report@snyk.io\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
ghsa-9pv7-vfvm-6vr7
Vulnerability from github
Published
2023-09-20 06:30
Modified
2023-09-21 17:03
Severity ?
Summary
graphql Uncontrolled Resource Consumption vulnerability
Details
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
Note: It was not proven that this vulnerability can crash the process.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "graphql"
},
"ranges": [
{
"events": [
{
"introduced": "16.3.0"
},
{
"fixed": "16.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-26144"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2023-09-21T17:03:11Z",
"nvd_published_at": "2023-09-20T05:15:39Z",
"severity": "MODERATE"
},
"details": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\n\n**Note:** It was not proven that this vulnerability can crash the process.",
"id": "GHSA-9pv7-vfvm-6vr7",
"modified": "2023-09-21T17:03:11Z",
"published": "2023-09-20T06:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144"
},
{
"type": "WEB",
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"type": "WEB",
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"type": "WEB",
"url": "https://github.com/graphql/graphql-js/commit/8f4c64eb6a7112a929ffeef00caa67529b3f2fcf"
},
{
"type": "PACKAGE",
"url": "https://github.com/graphql/graphql-js"
},
{
"type": "WEB",
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "graphql Uncontrolled Resource Consumption vulnerability"
}
rhsa-2024_1570
Vulnerability from csaf_redhat
Published
2024-03-28 20:50
Modified
2024-10-14 21:56
Summary
Red Hat Security Advisory: ACS 4.4 enhancement and security update
Notes
Topic
Important: Updated images are now available for Red Hat Advanced Cluster Security.
Details
Updated images are now available for Red Hat Advanced Cluster Security. The
updated image includes new features and bug fixes.
This release includes the following features and updates:
* New Compliance capabilities (Technology Preview)
* Network graph enhancements for internal entities
* Build-time network policy tools is now generally available
* Init-bundle graphical user interface improvements
* eBPF CO-RE collection method enabled by default
* Bring your own database for RHACS Central is now generally available
* Support RHACS on ROSA hosted control plane
* Life cycle updates
* Integration with Red Hat OpenShift Cluster Manager and Paladin Cloud to discover unsecured clusters
* Migration to stock Red Hat OpenShift SCCs during manual upgrade by using roxctl CLI
* Cluster discovery by using cloud source integrations
* Short-lived API tokens for Central
* Enhanced roxctl deployment check command
* Authentication of AWS and GCP integrations by using short-lived tokens (Technology Preview)
* Scanner V4 that uses upstream ClairCore (Technology Preview)
* Filter workload CVEs by using component and component source
For more information, including bug fix descriptions, see https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html.
Security fixes:
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)
* helm: Missing YAML content leads to panic (CVE-2024-26147)
* helm: Shows secrets with --dry-run option in clear text (CVE-2019-25210)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Important: Updated images are now available for Red Hat Advanced Cluster Security.",
"title": "Topic"
},
{
"category": "general",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The\nupdated image includes new features and bug fixes.\n\nThis release includes the following features and updates:\n\n* New Compliance capabilities (Technology Preview)\n* Network graph enhancements for internal entities\n* Build-time network policy tools is now generally available\n* Init-bundle graphical user interface improvements\n* eBPF CO-RE collection method enabled by default\n* Bring your own database for RHACS Central is now generally available\n* Support RHACS on ROSA hosted control plane\n* Life cycle updates\n* Integration with Red Hat OpenShift Cluster Manager and Paladin Cloud to discover unsecured clusters\n* Migration to stock Red Hat OpenShift SCCs during manual upgrade by using roxctl CLI\n* Cluster discovery by using cloud source integrations\n* Short-lived API tokens for Central\n* Enhanced roxctl deployment check command\n* Authentication of AWS and GCP integrations by using short-lived tokens (Technology Preview)\n* Scanner V4 that uses upstream ClairCore (Technology Preview)\n* Filter workload CVEs by using component and component source\n\nFor more information, including bug fix descriptions, see https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html.\n\nSecurity fixes:\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n* go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)\n* helm: Missing YAML content leads to panic (CVE-2024-26147)\n* helm: Shows secrets with --dry-run option in clear text (CVE-2019-25210)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1570",
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "external",
"summary": "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html",
"url": "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2258165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258165"
},
{
"category": "external",
"summary": "2265440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265440"
},
{
"category": "external",
"summary": "ROX-23399",
"url": "https://issues.redhat.com/browse/ROX-23399"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1570.json"
}
],
"title": "Red Hat Security Advisory: ACS 4.4 enhancement and security update",
"tracking": {
"current_release_date": "2024-10-14T21:56:25+00:00",
"generator": {
"date": "2024-10-14T21:56:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.0.1"
}
},
"id": "RHSA-2024:1570",
"initial_release_date": "2024-03-28T20:50:01+00:00",
"revision_history": [
{
"date": "2024-03-28T20:50:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-03-28T20:50:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-10-14T21:56:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.4 for RHEL 8",
"product": {
"name": "RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.0-13"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.0-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.0-13"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.0-8"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.0-13"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.0-8"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-25210",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2024-03-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268201"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Helm that may lead to sensitive information disclosure. When the --dry-run flag is used in Helm 3, it displays values of secrets. Helm 2 just displays the fact that a secret has been created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "helm: shows secrets with --dry-run option in clear text",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-25210"
},
{
"category": "external",
"summary": "RHBZ#2268201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25210"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-25210",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25210"
},
{
"category": "external",
"summary": "https://github.com/helm/helm/issues/7275",
"url": "https://github.com/helm/helm/issues/7275"
}
],
"release_date": "2024-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "helm: shows secrets with --dry-run option in clear text"
},
{
"cve": "CVE-2023-26144",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-09-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239924"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the graphql package. Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This issue may allow an attacker to degrade system performance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26144"
},
{
"category": "external",
"summary": "RHBZ#2239924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26144",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/issues/3955",
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/pull/3972",
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
}
],
"release_date": "2023-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-49568",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-01-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2258165"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service (DoS) vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This problem only affects the go implementation and not the original git cli code. Applications using only in-memory filesystems are not affected by this issue. Clients should be limited to connect to only trusted git servers to reduce the risk of compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-49568"
},
{
"category": "external",
"summary": "RHBZ#2258165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258165"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-49568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49568"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49568",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49568"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r",
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r"
}
],
"release_date": "2023-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "workaround",
"details": "In cases where a bump to the latest version of go-git is not possible, a recommendation to reduce the exposure of this threat is limiting its use to only trust-worthy Git servers.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients"
},
{
"cve": "CVE-2024-26147",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-02-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265440"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Helm. This flaw may lead to a panic when Helm parses index and plugin yaml files missing expected content, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "helm: Missing YAML Content Leads To Panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as Moderate since this would impact the Helm client and requires a malicious plugin to be in place, which can be removed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-26147"
},
{
"category": "external",
"summary": "RHBZ#2265440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26147"
},
{
"category": "external",
"summary": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6",
"url": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6"
}
],
"release_date": "2024-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "workaround",
"details": "If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem.\n\nIf using Helm SDK versions prior to 3.14.2, calls to affected functions can use recover to catch the panic.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "helm: Missing YAML Content Leads To Panic"
},
{
"cve": "CVE-2024-28180",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2024-03-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268854"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose-go: improper handling of highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "RHBZ#2268854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"
}
],
"release_date": "2024-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose-go: improper handling of highly compressed data"
}
]
}
rhba-2023_6078
Vulnerability from csaf_redhat
Published
2023-10-24 12:12
Modified
2024-10-18 05:03
Summary
Red Hat Bug Fix Advisory: MTV 2.5.2 Images
Notes
Topic
Updated Release packages that fix several bugs and add various enhancements are now available.
Details
Migration Toolkit for Virtualization 2.5.2 Images
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Release packages that fix several bugs and add various enhancements are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Virtualization 2.5.2 Images",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2023:6078",
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_6078.json"
}
],
"title": "Red Hat Bug Fix Advisory: MTV 2.5.2 Images",
"tracking": {
"current_release_date": "2024-10-18T05:03:21+00:00",
"generator": {
"date": "2024-10-18T05:03:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.0.1"
}
},
"id": "RHBA-2023:6078",
"initial_release_date": "2023-10-24T12:12:11+00:00",
"revision_history": [
{
"date": "2023-10-24T12:12:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-24T12:12:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-10-18T05:03:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-MTV-2.5",
"product": {
"name": "8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9"
}
}
},
{
"category": "product_name",
"name": "8Base-MTV-2.5",
"product": {
"name": "8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"product_id": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"product_id": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"product_id": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.5.2-6"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.5.2-4"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"product_id": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.5.2-20"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.5.2-3"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"product_id": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"product_id": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"product_id": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhv-populator-rhel8\u0026tag=2.5.2-4"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"product_id": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"product_id": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8\u0026tag=2.5.2-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Philippe Antoine"
],
"organization": "Catena Cyber"
}
],
"cve": "CVE-2022-41723",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178358"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within OpenShift Container Platform, the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated Moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41723"
},
{
"category": "external",
"summary": "RHBZ#2178358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h",
"url": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h"
},
{
"category": "external",
"summary": "https://go.dev/cl/468135",
"url": "https://go.dev/cl/468135"
},
{
"category": "external",
"summary": "https://go.dev/cl/468295",
"url": "https://go.dev/cl/468295"
},
{
"category": "external",
"summary": "https://go.dev/issue/57855",
"url": "https://go.dev/issue/57855"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1571",
"url": "https://pkg.go.dev/vuln/GO-2023-1571"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-1571.json",
"url": "https://vuln.go.dev/ID/GO-2023-1571.json"
}
],
"release_date": "2023-02-17T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding"
},
{
"cve": "CVE-2023-26125",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-05-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2203769"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Gin-Gonic Gin. This flaw allows a remote attacker to bypass security restrictions caused by improper input validation. An attacker can perform cache poisoning attacks by sending a specially-crafted request using the X-Forwarded-Prefix header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-github-gin-gonic-gin: Improper Input Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26125"
},
{
"category": "external",
"summary": "RHBZ#2203769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203769"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26125"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26125",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26125"
},
{
"category": "external",
"summary": "https://www.postgresql.org/support/security/CVE-2023-2454/",
"url": "https://www.postgresql.org/support/security/CVE-2023-2454/"
}
],
"release_date": "2023-05-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-github-gin-gonic-gin: Improper Input Validation"
},
{
"cve": "CVE-2023-26144",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-09-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239924"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the graphql package. Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This issue may allow an attacker to degrade system performance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26144"
},
{
"category": "external",
"summary": "RHBZ#2239924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26144",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/issues/3955",
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/pull/3972",
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
}
],
"release_date": "2023-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries"
},
{
"cve": "CVE-2023-29401",
"cwe": {
"id": "CWE-494",
"name": "Download of Code Without Integrity Check"
},
"discovery_date": "2023-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions caused by improper input validation by the filename parameter of the Context.FileAttachment function. An attacker can modify the Content-Disposition header by using a specially-crafted attachment file name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29401"
},
{
"category": "external",
"summary": "RHBZ#2216957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29401"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29401",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29401"
}
],
"release_date": "2023-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
gsd-2023-26144
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
**Note:** It was not proven that this vulnerability can crash the process.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-26144",
"id": "GSD-2023-26144"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-26144"
],
"details": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process.",
"id": "GSD-2023-26144",
"modified": "2023-12-13T01:20:53.463019Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2023-26144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "graphql",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.3.0",
"version_value": "16.8.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Tadhg Lewis"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-400",
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
},
{
"name": "https://github.com/graphql/graphql-js/pull/3972",
"refsource": "MISC",
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"name": "https://github.com/graphql/graphql-js/issues/3955",
"refsource": "MISC",
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"name": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"refsource": "MISC",
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"name": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"refsource": "MISC",
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:graphql:graphql:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "16.8.1",
"versionStartIncluding": "16.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:graphql:graphql:17.0.0:alpha2:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:graphql:graphql:17.0.0:alpha1:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2023-26144"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"name": "https://github.com/graphql/graphql-js/pull/3972",
"refsource": "MISC",
"tags": [
"Product"
],
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"name": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
},
{
"name": "https://github.com/graphql/graphql-js/issues/3955",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"name": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-09-22T14:05Z",
"publishedDate": "2023-09-20T05:15Z"
}
}
}
Loading...