cve-2023-26144
Vulnerability from cvelistv5
Published
2023-09-20 05:00
Modified
2024-09-24 20:32
Summary
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
**Note:** It was not proven that this vulnerability can crash the process.
References
rhsa-2024_1570
Vulnerability from csaf_redhat
Published
2024-03-28 20:50
Modified
2024-12-17 22:37
Summary
Red Hat Security Advisory: ACS 4.4 enhancement and security update
Notes
Topic
Important: Updated images are now available for Red Hat Advanced Cluster Security.
Details
Updated images are now available for Red Hat Advanced Cluster Security. The
updated image includes new features and bug fixes.
This release includes the following features and updates:
* New Compliance capabilities (Technology Preview)
* Network graph enhancements for internal entities
* Build-time network policy tools is now generally available
* Init-bundle graphical user interface improvements
* eBPF CO-RE collection method enabled by default
* Bring your own database for RHACS Central is now generally available
* Support RHACS on ROSA hosted control plane
* Life cycle updates
* Integration with Red Hat OpenShift Cluster Manager and Paladin Cloud to discover unsecured clusters
* Migration to stock Red Hat OpenShift SCCs during manual upgrade by using roxctl CLI
* Cluster discovery by using cloud source integrations
* Short-lived API tokens for Central
* Enhanced roxctl deployment check command
* Authentication of AWS and GCP integrations by using short-lived tokens (Technology Preview)
* Scanner V4 that uses upstream ClairCore (Technology Preview)
* Filter workload CVEs by using component and component source
For more information, including bug fix descriptions, see https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html.
Security fixes:
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)
* helm: Missing YAML content leads to panic (CVE-2024-26147)
* helm: Shows secrets with --dry-run option in clear text (CVE-2019-25210)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
"advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.0-17" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.0-17" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.0-9" } } }, { "category": 
"product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.0-9" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.0-11" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "product_identification_helper": { "purl": 
"pkg:oci/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.0-11" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.0-11" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "product": { "name": 
"advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.0-13" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.0-8" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "relates_to_product_reference": 
"8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64 as a component of RHACS 4.4 for RHEL 8", 
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le" }, "product_reference": 
"advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": 
"default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x as a 
component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64" }, 
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "relates_to_product_reference": 
"8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64" }, 
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", 
"relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "relates_to_product_reference": "8Base-RHACS-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64 as a component of RHACS 4.4 for RHEL 8", "product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64", "relates_to_product_reference": "8Base-RHACS-4.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-25210", "cwe": { "id": "CWE-201", "name": "Insertion of Sensitive Information Into Sent Data" }, "discovery_date": "2024-03-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268201" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Helm that may lead to sensitive information disclosure. When the --dry-run flag is used in Helm 3, it displays values of secrets. 
Helm 2 just displays the fact that a secret has been created.", "title": "Vulnerability description" }, { "category": "summary", "text": "helm: shows secrets with --dry-run option in clear text", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-25210" }, { "category": "external", "summary": "RHBZ#2268201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268201" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-25210", "url": "https://www.cve.org/CVERecord?id=CVE-2019-25210" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-25210", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25210" }, { "category": "external", "summary": "https://github.com/helm/helm/issues/7275", "url": "https://github.com/helm/helm/issues/7275" } ], "release_date": "2024-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-28T20:50:01+00:00", "details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1570" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"helm: shows secrets with --dry-run option in clear text" }, { "cve": "CVE-2023-26144", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-09-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2239924" } ], "notes": [ { "category": "description", "text": "A flaw was found in the graphql package. 
Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This issue may allow an attacker to degrade system performance.", "title": "Vulnerability description" }, { "category": "summary", "text": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64" ], "known_not_affected": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26144" }, { "category": "external", "summary": "RHBZ#2239924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239924" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26144", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26144" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144" }, { "category": "external", "summary": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226", "url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226" }, { "category": "external", "summary": "https://github.com/graphql/graphql-js/issues/3955", "url": "https://github.com/graphql/graphql-js/issues/3955" }, { "category": "external", "summary": "https://github.com/graphql/graphql-js/pull/3972", "url": "https://github.com/graphql/graphql-js/pull/3972" }, { "category": "external", "summary": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1", "url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1" }, { "category": 
"external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181", "url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181" } ], "release_date": "2023-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-28T20:50:01+00:00", "details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1570" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries" }, { "cve": "CVE-2023-29406", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2023-07-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2222167" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. 
This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: insufficient sanitization of Host header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64" ], "known_not_affected": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-29406" }, { "category": "external", "summary": "RHBZ#2222167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0" } ], "release_date": "2023-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-28T20:50:01+00:00", "details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64" ], "restart_required": 
{ "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1570" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: insufficient sanitization of Host header" }, { "cve": "CVE-2023-49568", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-01-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2258165" } ], "notes": [ { "category": "description", "text": "A denial of service (DoS) vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients", "title": "Vulnerability summary" }, { "category": "other", "text": "This problem only affects the go implementation and not the original git cli code. Applications using only in-memory filesystems are not affected by this issue. 
Clients should be limited to connect to only trusted git servers to reduce the risk of compromise.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x" ], "known_not_affected": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-49568" }, { "category": "external", "summary": "RHBZ#2258165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258165" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-49568", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49568" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49568", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49568" }, { "category": "external", "summary": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r", "url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r" } ], "release_date": "2023-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-28T20:50:01+00:00", "details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1570" }, { "category": "workaround", "details": "In cases where a bump to the latest version of go-git is not possible, a recommendation to reduce the exposure of this threat is limiting its use to only trust-worthy Git servers.", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": 
"go-git: Maliciously crafted Git server replies can cause DoS on go-git clients" }, { "cve": "CVE-2024-26147", "cwe": { "id": "CWE-457", "name": "Use of Uninitialized Variable" }, "discovery_date": "2024-02-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265440" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Helm. 
This flaw may lead to a panic when Helm parses index and plugin yaml files missing expected content, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "helm: Missing YAML Content Leads To Panic", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as Moderate since this would impact the Helm client and requires a malicious plugin to be in place, which can be removed.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ],
"product_status": { "fixed": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64" ], "known_not_affected": [ ] },
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-26147" }, { "category": "external", "summary": "RHBZ#2265440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265440" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-26147", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26147" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26147", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26147" }, { "category": "external", "summary": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6", "url": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6" } ], "release_date": "2024-02-22T00:00:00+00:00",
"remediations": [ { "category": "vendor_fix", "date": "2024-03-28T20:50:01+00:00", "details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1570" }, { "category": "workaround", "details": "If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem.\n\nIf using Helm SDK versions prior to 3.14.2, calls to affected functions can use recover to catch the panic.", "product_ids": [ ] } ],
"scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "helm: Missing YAML Content Leads To Panic" },
{ "cve": "CVE-2024-28180", "cwe": { "id": "CWE-409", "name": "Improper Handling of Highly Compressed Data (Data Amplification)" }, "discovery_date": "2024-03-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268854" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jose due to improper handling of highly compressed data. 
This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.", "title": "Vulnerability description" }, { "category": "summary", "text": "jose-go: improper handling of highly compressed data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64" ], "known_not_affected": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28180" }, { "category": "external", "summary": "RHBZ#2268854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180" }, { "category": "external", "summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g" } ], "release_date": "2024-03-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-28T20:50:01+00:00", "details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1570" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x", 
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jose-go: improper handling of highly compressed data" } ] }
rhba-2023_6078
Vulnerability from csaf_redhat
Published
2023-10-24 12:12
Modified
2024-12-18 04:43
Summary
Red Hat Bug Fix Advisory: MTV 2.5.2 Images
Notes
Topic
Updated Release packages that fix several bugs and add various enhancements are now available.
Details
Migration Toolkit for Virtualization 2.5.2 Images
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated Release packages that fix several bugs and add various enhancements are now available.", "title": "Topic" }, { "category": "general", "text": "Migration Toolkit for Virtualization 2.5.2 Images", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2023:6078", "url": "https://access.redhat.com/errata/RHBA-2023:6078" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_6078.json" } ], "title": "Red Hat Bug Fix Advisory: MTV 2.5.2 Images", "tracking": { "current_release_date": "2024-12-18T04:43:10+00:00", "generator": { "date": "2024-12-18T04:43:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHBA-2023:6078", "initial_release_date": "2023-10-24T12:12:11+00:00", "revision_history": [ { "date": "2023-10-24T12:12:11+00:00", "number": 
"1", "summary": "Initial version" }, { "date": "2023-10-24T12:12:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T04:43:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-MTV-2.5", "product": { "name": "8Base-MTV-2.5", "product_id": "9Base-MTV-2.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9" } } }, { "category": "product_name", "name": "8Base-MTV-2.5", "product": { "name": "8Base-MTV-2.5", "product_id": "8Base-MTV-2.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el8" } } } ], "category": "product_family", "name": "Migration Toolkit for Virtualization" }, { "branches": [ { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "product_id": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9\u0026tag=2.5.2-5" } } }, { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "product_id": 
"migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9\u0026tag=2.5.2-5" } } }, { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "product_id": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9\u0026tag=2.5.2-5" } } }, { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.5.2-6" } } }, { "category": "product_version", "name": 
"migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.5.2-4" } } }, { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "product_id": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9\u0026tag=2.5.2-5" } } }, { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", 
"product_identification_helper": { "purl": "pkg:oci/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.5.2-20" } } }, { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.5.2-3" } } }, { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "product_id": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9\u0026tag=2.5.2-5" } } }, { "category": "product_version", "name": 
"migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "product_id": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9\u0026tag=2.5.2-5" } } }, { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "product_id": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhv-populator-rhel8\u0026tag=2.5.2-4" } } }, { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "product_id": 
"migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9\u0026tag=2.5.2-5" } } }, { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64", "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9\u0026tag=2.5.2-5" } } }, { "category": "product_version", "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "product": { "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "product_identification_helper": { "purl": "pkg:oci/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8\u0026tag=2.5.2-2" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", 
"name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64 as a component of 8Base-MTV-2.5", "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "relates_to_product_reference": "8Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64 as a component of 8Base-MTV-2.5", "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "relates_to_product_reference": "8Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64 as a component of 8Base-MTV-2.5", "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "relates_to_product_reference": "8Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": 
"migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64 as a component of 8Base-MTV-2.5", "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "relates_to_product_reference": "8Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64 as a component of 8Base-MTV-2.5", "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "relates_to_product_reference": "8Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64 as a component of 8Base-MTV-2.5", "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "relates_to_product_reference": "9Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64 as a component of 8Base-MTV-2.5", 
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "relates_to_product_reference": "9Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64 as a component of 8Base-MTV-2.5", "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "relates_to_product_reference": "9Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64 as a component of 8Base-MTV-2.5", "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "relates_to_product_reference": "9Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64 as a component of 8Base-MTV-2.5", "product_id": 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "relates_to_product_reference": "9Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64 as a component of 8Base-MTV-2.5", "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "relates_to_product_reference": "9Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64 as a component of 8Base-MTV-2.5", "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "relates_to_product_reference": "9Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64 as a component of 8Base-MTV-2.5", "product_id": 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "relates_to_product_reference": "9Base-MTV-2.5" }, { "category": "default_component_of", "full_product_name": { "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64 as a component of 8Base-MTV-2.5", "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" }, "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64", "relates_to_product_reference": "9Base-MTV-2.5" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Philippe Antoine" ], "organization": "Catena Cyber" } ], "cve": "CVE-2022-41723", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", 
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178358" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. 
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Within OpenShift Container Platform, the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64" ], "known_not_affected": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41723" }, { "category": "external", "summary": "RHBZ#2178358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41723", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "url": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h" }, { "category": "external", "summary": "https://go.dev/cl/468135", "url": 
"https://go.dev/cl/468135" }, { "category": "external", "summary": "https://go.dev/cl/468295", "url": "https://go.dev/cl/468295" }, { "category": "external", "summary": "https://go.dev/issue/57855", "url": "https://go.dev/issue/57855" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1571", "url": "https://pkg.go.dev/vuln/GO-2023-1571" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-1571.json", "url": "https://vuln.go.dev/ID/GO-2023-1571.json" } ], "release_date": "2023-02-17T14:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-24T12:12:11+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2023:6078" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", 
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding" }, { "cve": "CVE-2023-26125", 
"cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-05-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } 
], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2203769" } ], "notes": [ { "category": "description", "text": "A flaw was found in Gin-Gonic Gin. This flaw allows a remote attacker to bypass security restrictions caused by improper input validation. An attacker can perform cache poisoning attacks by sending a specially-crafted request using the X-Forwarded-Prefix header.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-github-gin-gonic-gin: Improper Input Validation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64" ], "known_not_affected": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26125" }, { "category": "external", "summary": "RHBZ#2203769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203769" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26125", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26125" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26125", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26125" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2023-2454/", "url": "https://www.postgresql.org/support/security/CVE-2023-2454/" } ], "release_date": "2023-05-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-24T12:12:11+00:00", "details": "Before applying this update, make sure all previously released 
errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2023:6078" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", 
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-github-gin-gonic-gin: Improper Input Validation" }, { "cve": "CVE-2023-26144", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-09-20T00:00:00+00:00", "flags": [ { "label": 
"vulnerable_code_not_present", "product_ids": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2239924" } ], "notes": [ { "category": "description", "text": "A flaw was found in the graphql package. Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This issue may allow an attacker to degrade system performance.", "title": "Vulnerability description" }, { "category": "summary", "text": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64" ], "known_not_affected": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", 
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26144" }, { "category": "external", "summary": "RHBZ#2239924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239924" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26144", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26144" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144" }, { "category": "external", "summary": 
"https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226", "url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226" }, { "category": "external", "summary": "https://github.com/graphql/graphql-js/issues/3955", "url": "https://github.com/graphql/graphql-js/issues/3955" }, { "category": "external", "summary": "https://github.com/graphql/graphql-js/pull/3972", "url": "https://github.com/graphql/graphql-js/pull/3972" }, { "category": "external", "summary": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1", "url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181", "url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181" } ], "release_date": "2023-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-24T12:12:11+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2023:6078" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", 
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "threats": [ { "category": 
"impact", "details": "Moderate" } ], "title": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries" }, { "cve": "CVE-2023-29401", "cwe": { "id": "CWE-494", "name": "Download of Code Without Integrity Check" }, "discovery_date": "2023-06-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2216957" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions caused by improper input validation by the filename parameter of the Context.FileAttachment function. An attacker can modify the Content-Disposition header by using a specially-crafted attachment file name.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64" ], "known_not_affected": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", 
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-29401" }, { "category": "external", "summary": "RHBZ#2216957", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216957" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29401", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29401" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2023-29401", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29401" } ], "release_date": "2023-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-24T12:12:11+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2023:6078" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", 
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function" }, { "cve": "CVE-2023-39325", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ 
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243296" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. 
This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64" ], "known_not_affected": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", 
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39325" }, { "category": "external", "summary": "RHBZ#2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325", 
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-44487", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "https://go.dev/issue/63417", "url": "https://go.dev/issue/63417" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-24T12:12:11+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2023:6078" }, { "category": "workaround", "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. 
This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)" }, { "cve": "CVE-2023-44487", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", 
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242803" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. 
This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "title": "Vulnerability summary" }, { "category": "other", "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. 
These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64" ], "known_not_affected": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "RHBZ#2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/277", "url": "https://github.com/dotnet/announcements/issues/277" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "category": "external", 
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-24T12:12:11+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2023:6078" }, { "category": "workaround", "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. 
This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64", "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64", 
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64", "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-10-10T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)" } ] }
ghsa-9pv7-vfvm-6vr7
Vulnerability from github
Published
2023-09-20 06:30
Modified
2023-09-21 17:03
Severity ?
Summary
graphql Uncontrolled Resource Consumption vulnerability
Details
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
Note: It was not proven that this vulnerability can crash the process.
{ "affected": [ { "package": { "ecosystem": "npm", "name": "graphql" }, "ranges": [ { "events": [ { "introduced": "16.3.0" }, { "fixed": "16.8.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-26144" ], "database_specific": { "cwe_ids": [ "CWE-400" ], "github_reviewed": true, "github_reviewed_at": "2023-09-21T17:03:11Z", "nvd_published_at": "2023-09-20T05:15:39Z", "severity": "MODERATE" }, "details": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\n\n**Note:** It was not proven that this vulnerability can crash the process.", "id": "GHSA-9pv7-vfvm-6vr7", "modified": "2023-09-21T17:03:11Z", "published": "2023-09-20T06:30:50Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144" }, { "type": "WEB", "url": "https://github.com/graphql/graphql-js/issues/3955" }, { "type": "WEB", "url": "https://github.com/graphql/graphql-js/pull/3972" }, { "type": "WEB", "url": "https://github.com/graphql/graphql-js/commit/8f4c64eb6a7112a929ffeef00caa67529b3f2fcf" }, { "type": "PACKAGE", "url": "https://github.com/graphql/graphql-js" }, { "type": "WEB", "url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1" }, { "type": "WEB", "url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "type": "CVSS_V3" } ], "summary": "graphql Uncontrolled Resource Consumption vulnerability" }
gsd-2023-26144
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
**Note:** It was not proven that this vulnerability can crash the process.
Aliases
{ "GSD": { "alias": "CVE-2023-26144", "id": "GSD-2023-26144" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-26144" ], "details": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process.", "id": "GSD-2023-26144", "modified": "2023-12-13T01:20:53.463019Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "report@snyk.io", "ID": "CVE-2023-26144", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "graphql", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.3.0", "version_value": "16.8.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "credits": [ { "lang": "en", "value": "Tadhg Lewis" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process." 
} ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-400", "lang": "eng", "value": "Denial of Service (DoS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181", "refsource": "MISC", "url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181" }, { "name": "https://github.com/graphql/graphql-js/pull/3972", "refsource": "MISC", "url": "https://github.com/graphql/graphql-js/pull/3972" }, { "name": "https://github.com/graphql/graphql-js/issues/3955", "refsource": "MISC", "url": "https://github.com/graphql/graphql-js/issues/3955" }, { "name": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226", "refsource": "MISC", "url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226" }, { "name": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1", "refsource": "MISC", "url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:graphql:graphql:*:*:*:*:*:node.js:*:*", "cpe_name": [], "versionEndExcluding": "16.8.1", "versionStartIncluding": "16.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:graphql:graphql:17.0.0:alpha2:*:*:*:node.js:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:graphql:graphql:17.0.0:alpha1:*:*:*:node.js:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "report@snyk.io", "ID": 
"CVE-2023-26144" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226", "refsource": "MISC", "tags": [ "Patch" ], "url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226" }, { "name": "https://github.com/graphql/graphql-js/pull/3972", "refsource": "MISC", "tags": [ "Product" ], "url": "https://github.com/graphql/graphql-js/pull/3972" }, { "name": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181", "refsource": "MISC", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181" }, { "name": "https://github.com/graphql/graphql-js/issues/3955", "refsource": "MISC", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/graphql/graphql-js/issues/3955" }, { "name": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1", "refsource": "MISC", "tags": [ "Release Notes" ], "url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": 
"NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } }, "lastModifiedDate": "2023-09-22T14:05Z", "publishedDate": "2023-09-20T05:15Z" } } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.