Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-26144 (GCVE-0-2023-26144)
Vulnerability from cvelistv5 – Published: 2023-09-20 05:00 – Updated: 2024-09-24 20:32
VLAI?
EPSS
Summary
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
**Note:** It was not proven that this vulnerability can crash the process.
Severity ?
5.3 (Medium)
CWE
- CWE-400 - Denial of Service (DoS)
Assigner
References
Credits
Tadhg Lewis
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26144",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T20:32:04.245711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:32:17.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "graphql",
"vendor": "n/a",
"versions": [
{
"lessThan": "16.8.1",
"status": "affected",
"version": "16.3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tadhg Lewis"
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T05:00:02.129Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
},
{
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2023-26144",
"datePublished": "2023-09-20T05:00:02.129Z",
"dateReserved": "2023-02-20T10:28:48.928Z",
"dateUpdated": "2024-09-24T20:32:17.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:graphql:graphql:*:*:*:*:*:node.js:*:*\", \"versionStartIncluding\": \"16.3.0\", \"versionEndExcluding\": \"16.8.1\", \"matchCriteriaId\": \"F350F09D-E2EC-454B-AE86-D1685AFDD9D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:graphql:graphql:17.0.0:alpha1:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"37819AB7-A406-4FC1-BB34-C949848AF13E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:graphql:graphql:17.0.0:alpha2:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"17EC77C2-6B00-4742-A98E-08874B982117\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\\r\\r**Note:** It was not proven that this vulnerability can crash the process.\"}, {\"lang\": \"es\", \"value\": \"Las versiones del paquete graphql desde 16.3.0 y anteriores a 16.8.1 son vulnerables a la Denegaci\\u00f3n de Servicio (DoS) debido a comprobaciones insuficientes en el archivo OverlappingFieldsCanBeMergedRule.ts al analizar consultas grandes. Esta vulnerabilidad permite a un atacante degradar el rendimiento del sistema. **Nota:** No se ha demostrado que esta vulnerabilidad pueda bloquear el proceso.\"}]",
"id": "CVE-2023-26144",
"lastModified": "2024-11-21T07:50:52.170",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"report@snyk.io\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
"published": "2023-09-20T05:15:39.923",
"references": "[{\"url\": \"https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226\", \"source\": \"report@snyk.io\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/graphql/graphql-js/issues/3955\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/graphql/graphql-js/pull/3972\", \"source\": \"report@snyk.io\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/graphql/graphql-js/releases/tag/v16.8.1\", \"source\": \"report@snyk.io\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/graphql/graphql-js/issues/3955\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/graphql/graphql-js/pull/3972\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/graphql/graphql-js/releases/tag/v16.8.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"report@snyk.io\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-26144\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2023-09-20T05:15:39.923\",\"lastModified\":\"2024-11-21T07:50:52.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\\r\\r**Note:** It was not proven that this vulnerability can crash the process.\"},{\"lang\":\"es\",\"value\":\"Las versiones del paquete graphql desde 16.3.0 y anteriores a 16.8.1 son vulnerables a la Denegaci\u00f3n de Servicio (DoS) debido a comprobaciones insuficientes en el archivo OverlappingFieldsCanBeMergedRule.ts al analizar consultas grandes. Esta vulnerabilidad permite a un atacante degradar el rendimiento del sistema. **Nota:** No se ha demostrado que esta vulnerabilidad pueda bloquear el proceso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:graphql:graphql:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"16.3.0\",\"versionEndExcluding\":\"16.8.1\",\"matchCriteriaId\":\"F350F09D-E2EC-454B-AE86-D1685AFDD9D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:graphql:graphql:17.0.0:alpha1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"37819AB7-A406-4FC1-BB34-C949848AF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:graphql:graphql:17.0.0:alpha2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"17EC77C2-6B00-4742-A98E-08874B982117\"}]}]}],\"references\":[{\"url\":\"https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/graphql/graphql-js/issues/3955\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/graphql/graphql-js/pull/3972\",\"source\":\"report@snyk.io\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/graphql/graphql-js/releases/tag/v16.8.1\",\"source\":\"report@snyk.io\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/graphql/graphql-js/issues/3955\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/graphql/graphql-js/pull/3972\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/graphql/graphql-js/releases/tag/v16.8.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/graphql/graphql-js/pull/3972\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/graphql/graphql-js/issues/3955\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/graphql/graphql-js/releases/tag/v16.8.1\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:39:06.580Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-26144\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-24T20:32:04.245711Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-24T20:32:11.880Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Tadhg Lewis\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"graphql\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.3.0\", \"lessThan\": \"16.8.1\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181\"}, {\"url\": \"https://github.com/graphql/graphql-js/pull/3972\"}, {\"url\": \"https://github.com/graphql/graphql-js/issues/3955\"}, {\"url\": \"https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226\"}, {\"url\": \"https://github.com/graphql/graphql-js/releases/tag/v16.8.1\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\\r\\r**Note:** It was not proven that this vulnerability can crash the process.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-400\", \"description\": \"Denial of Service (DoS)\"}]}], \"providerMetadata\": {\"orgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"shortName\": \"snyk\", \"dateUpdated\": \"2023-09-20T05:00:02.129Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-26144\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-24T20:32:17.400Z\", \"dateReserved\": \"2023-02-20T10:28:48.928Z\", \"assignerOrgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"datePublished\": \"2023-09-20T05:00:02.129Z\", \"assignerShortName\": \"snyk\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHBA-2023_6078
Vulnerability from csaf_redhat - Published: 2023-10-24 12:12 - Updated: 2024-12-18 04:43Summary
Red Hat Bug Fix Advisory: MTV 2.5.2 Images
Notes
Topic
Updated Release packages that fix several bugs and add various enhancements are now available.
Details
Migration Toolkit for Virtualization 2.5.2 Images
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Release packages that fix several bugs and add various enhancements are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Virtualization 2.5.2 Images",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2023:6078",
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_6078.json"
}
],
"title": "Red Hat Bug Fix Advisory: MTV 2.5.2 Images",
"tracking": {
"current_release_date": "2024-12-18T04:43:10+00:00",
"generator": {
"date": "2024-12-18T04:43:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHBA-2023:6078",
"initial_release_date": "2023-10-24T12:12:11+00:00",
"revision_history": [
{
"date": "2023-10-24T12:12:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-24T12:12:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:43:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-MTV-2.5",
"product": {
"name": "8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9"
}
}
},
{
"category": "product_name",
"name": "8Base-MTV-2.5",
"product": {
"name": "8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"product_id": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"product_id": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"product_id": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.5.2-6"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.5.2-4"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"product_id": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.5.2-20"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.5.2-3"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"product_id": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"product_id": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"product_id": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhv-populator-rhel8\u0026tag=2.5.2-4"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"product_id": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"product_id": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8\u0026tag=2.5.2-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Philippe Antoine"
],
"organization": "Catena Cyber"
}
],
"cve": "CVE-2022-41723",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178358"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within OpenShift Container Platform, the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated Moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41723"
},
{
"category": "external",
"summary": "RHBZ#2178358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h",
"url": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h"
},
{
"category": "external",
"summary": "https://go.dev/cl/468135",
"url": "https://go.dev/cl/468135"
},
{
"category": "external",
"summary": "https://go.dev/cl/468295",
"url": "https://go.dev/cl/468295"
},
{
"category": "external",
"summary": "https://go.dev/issue/57855",
"url": "https://go.dev/issue/57855"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1571",
"url": "https://pkg.go.dev/vuln/GO-2023-1571"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-1571.json",
"url": "https://vuln.go.dev/ID/GO-2023-1571.json"
}
],
"release_date": "2023-02-17T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding"
},
{
"cve": "CVE-2023-26125",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-05-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2203769"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Gin-Gonic Gin. This flaw allows a remote attacker to bypass security restrictions caused by improper input validation. An attacker can perform cache poisoning attacks by sending a specially-crafted request using the X-Forwarded-Prefix header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-github-gin-gonic-gin: Improper Input Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26125"
},
{
"category": "external",
"summary": "RHBZ#2203769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203769"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26125"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26125",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26125"
},
{
"category": "external",
"summary": "https://www.postgresql.org/support/security/CVE-2023-2454/",
"url": "https://www.postgresql.org/support/security/CVE-2023-2454/"
}
],
"release_date": "2023-05-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-github-gin-gonic-gin: Improper Input Validation"
},
{
"cve": "CVE-2023-26144",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-09-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239924"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the graphql package. Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This issue may allow an attacker to degrade system performance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26144"
},
{
"category": "external",
"summary": "RHBZ#2239924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26144",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/issues/3955",
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/pull/3972",
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
}
],
"release_date": "2023-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries"
},
{
"cve": "CVE-2023-29401",
"cwe": {
"id": "CWE-494",
"name": "Download of Code Without Integrity Check"
},
"discovery_date": "2023-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions caused by improper input validation by the filename parameter of the Context.FileAttachment function. An attacker can modify the Content-Disposition header by using a specially-crafted attachment file name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29401"
},
{
"category": "external",
"summary": "RHBZ#2216957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29401"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29401",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29401"
}
],
"release_date": "2023-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHBA-2023:6078
Vulnerability from csaf_redhat - Published: 2023-10-24 12:12 - Updated: 2025-12-05 06:16Summary
Red Hat Bug Fix Advisory: MTV 2.5.2 Images
Notes
Topic
Updated Release packages that fix several bugs and add various enhancements are now available.
Details
Migration Toolkit for Virtualization 2.5.2 Images
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Release packages that fix several bugs and add various enhancements are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Virtualization 2.5.2 Images",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2023:6078",
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_6078.json"
}
],
"title": "Red Hat Bug Fix Advisory: MTV 2.5.2 Images",
"tracking": {
"current_release_date": "2025-12-05T06:16:29+00:00",
"generator": {
"date": "2025-12-05T06:16:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHBA-2023:6078",
"initial_release_date": "2023-10-24T12:12:11+00:00",
"revision_history": [
{
"date": "2023-10-24T12:12:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-24T12:12:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-05T06:16:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-MTV-2.5",
"product": {
"name": "8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9"
}
}
},
{
"category": "product_name",
"name": "8Base-MTV-2.5",
"product": {
"name": "8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"product_id": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"product_id": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"product_id": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.5.2-6"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.5.2-4"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"product_id": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.5.2-20"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.5.2-3"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"product_id": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"product_id": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"product_id": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhv-populator-rhel8\u0026tag=2.5.2-4"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"product_id": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9\u0026tag=2.5.2-5"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"product_id": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8\u0026tag=2.5.2-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Philippe Antoine"
],
"organization": "Catena Cyber"
}
],
"cve": "CVE-2022-41723",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178358"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within OpenShift Container Platform, the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated Moderate impact.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41723"
},
{
"category": "external",
"summary": "RHBZ#2178358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h",
"url": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h"
},
{
"category": "external",
"summary": "https://go.dev/cl/468135",
"url": "https://go.dev/cl/468135"
},
{
"category": "external",
"summary": "https://go.dev/cl/468295",
"url": "https://go.dev/cl/468295"
},
{
"category": "external",
"summary": "https://go.dev/issue/57855",
"url": "https://go.dev/issue/57855"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1571",
"url": "https://pkg.go.dev/vuln/GO-2023-1571"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-1571.json",
"url": "https://vuln.go.dev/ID/GO-2023-1571.json"
}
],
"release_date": "2023-02-17T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding"
},
{
"cve": "CVE-2023-26125",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-05-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2203769"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Gin-Gonic Gin. This flaw allows a remote attacker to bypass security restrictions caused by improper input validation. An attacker can perform cache poisoning attacks by sending a specially-crafted request using the X-Forwarded-Prefix header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-github-gin-gonic-gin: Improper Input Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26125"
},
{
"category": "external",
"summary": "RHBZ#2203769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203769"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26125"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26125",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26125"
},
{
"category": "external",
"summary": "https://www.postgresql.org/support/security/CVE-2023-2454/",
"url": "https://www.postgresql.org/support/security/CVE-2023-2454/"
}
],
"release_date": "2023-05-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-github-gin-gonic-gin: Improper Input Validation"
},
{
"cve": "CVE-2023-26144",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-09-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239924"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the graphql package. Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This issue may allow an attacker to degrade system performance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26144"
},
{
"category": "external",
"summary": "RHBZ#2239924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26144",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/issues/3955",
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/pull/3972",
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
}
],
"release_date": "2023-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries"
},
{
"cve": "CVE-2023-29401",
"cwe": {
"id": "CWE-494",
"name": "Download of Code Without Integrity Check"
},
"discovery_date": "2023-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions caused by improper input validation by the filename parameter of the Context.FileAttachment function. An attacker can modify the Content-Disposition header by using a specially-crafted attachment file name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29401"
},
{
"category": "external",
"summary": "RHBZ#2216957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29401"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29401",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29401"
}
],
"release_date": "2023-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:12:11+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:6078"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:e1e3b4adafebe14f5c1c17b8b81c921c8c2daf77bf22ffef9f0a2e1ac1a32d5f_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:cfd662d50e649898951b9dc21bb8bd533ccbe4daa9ae9eb1ea365ae9bfdf39e0_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:86e6fc987f49aa419b0c7f15276559c4e0958adc9385d80deef228dfb9bcf0ba_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:bd5cf5ff33a900a8f7b8b4fc52ada3af737d42793b27e63f5cc7c36b11a21189_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:fd9758985cb3ab4fe6bddf1b989b0cc7803d9bf79883dfe3a02c6c3644fcc891_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:7a25dd92fb3949f6b231d8019dda8ee2432ce1708cf746fdc805f335d19119e8_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:8d9c4e66535b0b3c6921cbf819c7d86dedaa9076fc05b9f00e9002b6fb1c5b1d_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:8fbc5262ebc5791a156ecc4afa539bb6d72bfe3ecf28e7ebaab12aab63e472e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:ba513f372d1eccbc1a96c0934384021b5cd228533435bcfb70dd584e65f5abec_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:9ec2a9e288b742ea9d71f13e055a4ede1b34e5e251aa662c65a83747a6603462_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:53f0fa129b04bcb7ea8f80e6136fbaf189460b29bdd123398f456a4d2a32de3f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:110ebc02ca7aca24ff830e8073af8062434ca8dc8ff1239b92c24e84d6cf08c3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:7481185531e6bba394f769c0e73bfc431e0d763afd23c59bacc8ec32875b0af3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:094c261ca283ee4fcf58e79cc93e61da6e0759c82a157f3169c4390a7e7f1f74_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2024_1570
Vulnerability from csaf_redhat - Published: 2024-03-28 20:50 - Updated: 2024-12-17 22:37Summary
Red Hat Security Advisory: ACS 4.4 enhancement and security update
Notes
Topic
Important: Updated images are now available for Red Hat Advanced Cluster Security.
Details
Updated images are now available for Red Hat Advanced Cluster Security. The
updated image includes new features and bug fixes.
This release includes the following features and updates:
* New Compliance capabilities (Technology Preview)
* Network graph enhancements for internal entities
* Build-time network policy tools is now generally available
* Init-bundle graphical user interface improvements
* eBPF CO-RE collection method enabled by default
* Bring your own database for RHACS Central is now generally available
* Support RHACS on ROSA hosted control plane
* Life cycle updates
* Integration with Red Hat OpenShift Cluster Manager and Paladin Cloud to discover unsecured clusters
* Migration to stock Red Hat OpenShift SCCs during manual upgrade by using roxctl CLI
* Cluster discovery by using cloud source integrations
* Short-lived API tokens for Central
* Enhanced roxctl deployment check command
* Authentication of AWS and GCP integrations by using short-lived tokens (Technology Preview)
* Scanner V4 that uses upstream ClairCore (Technology Preview)
* Filter workload CVEs by using component and component source
For more information, including bug fix descriptions, see https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html.
Security fixes:
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)
* helm: Missing YAML content leads to panic (CVE-2024-26147)
* helm: Shows secrets with --dry-run option in clear text (CVE-2019-25210)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Important: Updated images are now available for Red Hat Advanced Cluster Security.",
"title": "Topic"
},
{
"category": "general",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The\nupdated image includes new features and bug fixes.\n\nThis release includes the following features and updates:\n\n* New Compliance capabilities (Technology Preview)\n* Network graph enhancements for internal entities\n* Build-time network policy tools is now generally available\n* Init-bundle graphical user interface improvements\n* eBPF CO-RE collection method enabled by default\n* Bring your own database for RHACS Central is now generally available\n* Support RHACS on ROSA hosted control plane\n* Life cycle updates\n* Integration with Red Hat OpenShift Cluster Manager and Paladin Cloud to discover unsecured clusters\n* Migration to stock Red Hat OpenShift SCCs during manual upgrade by using roxctl CLI\n* Cluster discovery by using cloud source integrations\n* Short-lived API tokens for Central\n* Enhanced roxctl deployment check command\n* Authentication of AWS and GCP integrations by using short-lived tokens (Technology Preview)\n* Scanner V4 that uses upstream ClairCore (Technology Preview)\n* Filter workload CVEs by using component and component source\n\nFor more information, including bug fix descriptions, see https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html.\n\nSecurity fixes:\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n* go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)\n* helm: Missing YAML content leads to panic (CVE-2024-26147)\n* helm: Shows secrets with --dry-run option in clear text (CVE-2019-25210)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1570",
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "external",
"summary": "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html",
"url": "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2258165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258165"
},
{
"category": "external",
"summary": "2265440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265440"
},
{
"category": "external",
"summary": "ROX-23399",
"url": "https://issues.redhat.com/browse/ROX-23399"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1570.json"
}
],
"title": "Red Hat Security Advisory: ACS 4.4 enhancement and security update",
"tracking": {
"current_release_date": "2024-12-17T22:37:33+00:00",
"generator": {
"date": "2024-12-17T22:37:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:1570",
"initial_release_date": "2024-03-28T20:50:01+00:00",
"revision_history": [
{
"date": "2024-03-28T20:50:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-03-28T20:50:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:37:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.4 for RHEL 8",
"product": {
"name": "RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.0-13"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.0-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.0-13"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.0-8"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.0-13"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.0-8"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-25210",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2024-03-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268201"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Helm that may lead to sensitive information disclosure. When the --dry-run flag is used in Helm 3, it displays values of secrets. Helm 2 just displays the fact that a secret has been created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "helm: shows secrets with --dry-run option in clear text",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-25210"
},
{
"category": "external",
"summary": "RHBZ#2268201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25210"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-25210",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25210"
},
{
"category": "external",
"summary": "https://github.com/helm/helm/issues/7275",
"url": "https://github.com/helm/helm/issues/7275"
}
],
"release_date": "2024-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "helm: shows secrets with --dry-run option in clear text"
},
{
"cve": "CVE-2023-26144",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-09-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239924"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the graphql package. Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This issue may allow an attacker to degrade system performance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26144"
},
{
"category": "external",
"summary": "RHBZ#2239924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26144",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/issues/3955",
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/pull/3972",
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
}
],
"release_date": "2023-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-49568",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-01-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2258165"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service (DoS) vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This problem only affects the go implementation and not the original git cli code. Applications using only in-memory filesystems are not affected by this issue. Clients should be limited to connect to only trusted git servers to reduce the risk of compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-49568"
},
{
"category": "external",
"summary": "RHBZ#2258165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258165"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-49568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49568"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49568",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49568"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r",
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r"
}
],
"release_date": "2023-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "workaround",
"details": "In cases where a bump to the latest version of go-git is not possible, a recommendation to reduce the exposure of this threat is limiting its use to only trust-worthy Git servers.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients"
},
{
"cve": "CVE-2024-26147",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-02-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265440"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Helm. This flaw may lead to a panic when Helm parses index and plugin yaml files missing expected content, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "helm: Missing YAML Content Leads To Panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as Moderate since this would impact the Helm client and requires a malicious plugin to be in place, which can be removed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-26147"
},
{
"category": "external",
"summary": "RHBZ#2265440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26147"
},
{
"category": "external",
"summary": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6",
"url": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6"
}
],
"release_date": "2024-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "workaround",
"details": "If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem.\n\nIf using Helm SDK versions prior to 3.14.2, calls to affected functions can use recover to catch the panic.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "helm: Missing YAML Content Leads To Panic"
},
{
"cve": "CVE-2024-28180",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2024-03-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268854"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose-go: improper handling of highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "RHBZ#2268854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"
}
],
"release_date": "2024-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose-go: improper handling of highly compressed data"
}
]
}
RHSA-2024:1570
Vulnerability from csaf_redhat - Published: 2024-03-28 20:50 - Updated: 2025-12-03 21:59Summary
Red Hat Security Advisory: ACS 4.4 enhancement and security update
Notes
Topic
Important: Updated images are now available for Red Hat Advanced Cluster Security.
Details
Updated images are now available for Red Hat Advanced Cluster Security. The
updated image includes new features and bug fixes.
This release includes the following features and updates:
* New Compliance capabilities (Technology Preview)
* Network graph enhancements for internal entities
* Build-time network policy tools is now generally available
* Init-bundle graphical user interface improvements
* eBPF CO-RE collection method enabled by default
* Bring your own database for RHACS Central is now generally available
* Support RHACS on ROSA hosted control plane
* Life cycle updates
* Integration with Red Hat OpenShift Cluster Manager and Paladin Cloud to discover unsecured clusters
* Migration to stock Red Hat OpenShift SCCs during manual upgrade by using roxctl CLI
* Cluster discovery by using cloud source integrations
* Short-lived API tokens for Central
* Enhanced roxctl deployment check command
* Authentication of AWS and GCP integrations by using short-lived tokens (Technology Preview)
* Scanner V4 that uses upstream ClairCore (Technology Preview)
* Filter workload CVEs by using component and component source
For more information, including bug fix descriptions, see https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html.
Security fixes:
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)
* helm: Missing YAML content leads to panic (CVE-2024-26147)
* helm: Shows secrets with --dry-run option in clear text (CVE-2019-25210)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Important: Updated images are now available for Red Hat Advanced Cluster Security.",
"title": "Topic"
},
{
"category": "general",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The\nupdated image includes new features and bug fixes.\n\nThis release includes the following features and updates:\n\n* New Compliance capabilities (Technology Preview)\n* Network graph enhancements for internal entities\n* Build-time network policy tools is now generally available\n* Init-bundle graphical user interface improvements\n* eBPF CO-RE collection method enabled by default\n* Bring your own database for RHACS Central is now generally available\n* Support RHACS on ROSA hosted control plane\n* Life cycle updates\n* Integration with Red Hat OpenShift Cluster Manager and Paladin Cloud to discover unsecured clusters\n* Migration to stock Red Hat OpenShift SCCs during manual upgrade by using roxctl CLI\n* Cluster discovery by using cloud source integrations\n* Short-lived API tokens for Central\n* Enhanced roxctl deployment check command\n* Authentication of AWS and GCP integrations by using short-lived tokens (Technology Preview)\n* Scanner V4 that uses upstream ClairCore (Technology Preview)\n* Filter workload CVEs by using component and component source\n\nFor more information, including bug fix descriptions, see https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html.\n\nSecurity fixes:\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n* go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)\n* helm: Missing YAML content leads to panic (CVE-2024-26147)\n* helm: Shows secrets with --dry-run option in clear text (CVE-2019-25210)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1570",
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "external",
"summary": "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html",
"url": "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2258165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258165"
},
{
"category": "external",
"summary": "2265440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265440"
},
{
"category": "external",
"summary": "ROX-23399",
"url": "https://issues.redhat.com/browse/ROX-23399"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1570.json"
}
],
"title": "Red Hat Security Advisory: ACS 4.4 enhancement and security update",
"tracking": {
"current_release_date": "2025-12-03T21:59:49+00:00",
"generator": {
"date": "2025-12-03T21:59:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2024:1570",
"initial_release_date": "2024-03-28T20:50:01+00:00",
"revision_history": [
{
"date": "2024-03-28T20:50:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-03-28T20:50:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-03T21:59:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.4 for RHEL 8",
"product": {
"name": "RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.0-13"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.0-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.0-13"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.0-8"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.0-17"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.0-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.0-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.0-11"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.0-13"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.0-8"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-25210",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2024-03-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268201"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Helm that may lead to sensitive information disclosure. When the --dry-run flag is used in Helm 3, it displays values of secrets. Helm 2 just displays the fact that a secret has been created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "helm: shows secrets with --dry-run option in clear text",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-25210"
},
{
"category": "external",
"summary": "RHBZ#2268201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25210"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-25210",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25210"
},
{
"category": "external",
"summary": "https://github.com/helm/helm/issues/7275",
"url": "https://github.com/helm/helm/issues/7275"
}
],
"release_date": "2024-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "helm: shows secrets with --dry-run option in clear text"
},
{
"cve": "CVE-2023-26144",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-09-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239924"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the graphql package. Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This issue may allow an attacker to degrade system performance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26144"
},
{
"category": "external",
"summary": "RHBZ#2239924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26144",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/issues/3955",
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/pull/3972",
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"category": "external",
"summary": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
}
],
"release_date": "2023-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "graphql: Insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-49568",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-01-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2258165"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service (DoS) vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This problem only affects the go implementation and not the original git cli code. Applications using only in-memory filesystems are not affected by this issue. Clients should be limited to connect to only trusted git servers to reduce the risk of compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-49568"
},
{
"category": "external",
"summary": "RHBZ#2258165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258165"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-49568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49568"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49568",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49568"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r",
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r"
}
],
"release_date": "2023-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "workaround",
"details": "In cases where a bump to the latest version of go-git is not possible, a recommendation to reduce the exposure of this threat is limiting its use to only trust-worthy Git servers.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients"
},
{
"cve": "CVE-2024-26147",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-02-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265440"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Helm. This flaw may lead to a panic when Helm parses index and plugin yaml files missing expected content, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "helm: Missing YAML Content Leads To Panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as Moderate since this would impact the Helm client and requires a malicious plugin to be in place, which can be removed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-26147"
},
{
"category": "external",
"summary": "RHBZ#2265440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26147"
},
{
"category": "external",
"summary": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6",
"url": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6"
}
],
"release_date": "2024-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "workaround",
"details": "If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem.\n\nIf using Helm SDK versions prior to 3.14.2, calls to affected functions can use recover to catch the panic.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "helm: Missing YAML Content Leads To Panic"
},
{
"cve": "CVE-2024-28180",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2024-03-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268854"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose-go: improper handling of highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "RHBZ#2268854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"
}
],
"release_date": "2024-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-28T20:50:01+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to upgrade to release 4.4.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1570"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:52861bad043e0fa2e1e7be172b08c0b3677709c83da031bcf39a68c0b073607e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:73064e3e772937c74220e4c34b9554ce6e94b605e826283809815fba9abc4cd4_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:78781d0ee31d25dc1d0ef33bbc7d6b7b4df413220dccf7cf3551755299b58594_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:0649b01e11098be6533ef4c64b1181108d06b21956d687f5c05c01cb3316f11e_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:1da693919b9e2f1ec16e7cd1217e5731979ac96d1b15db62ae62a5f0fb4a541f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:f0384d3a958c89ae686ed8df2ff32485812c80f351110250960776ea6cfb6788_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:14ea4ba081a1c51d1b7ed98dd119cc139912b0eca9acfe566b971989e598b6a1_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1f6eae080abc086069d0aa30f8d91709cdeea448860993f05f9eb69468ea46eb_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9434b2ffc9bb79e49f8a74d3715f91c3fd0e1a4a6f2f1a055dac54410aced9cf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:22920aca86f56bbba6ff10d1c5c736cefa894322197d9bbe507b3633c7edb6dc_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:8f15386daaadd8ed55739eb64e208427f9641d2b0063ddc7e3826a8e5c5604ba_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:a4b63d240ed0581995a1cae527fce3b0e3ded6524c9083251f63d447f830e7f3_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:94fcee9ac22671bd18be77381214665d9289151703a9ed78c29cee02b92612f4_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:bb3294d638f30c3e816779d0a058b462b12afc4e43f5f4fbc24dccfc995371ae_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:ccbde10e2270cb4e8a793e2c78caa4a2e77aa78f854f1719cc473cf87471aed4_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:3d7e870e5825b9a39f04d0d1b9c9a23879761686ed1a6d9c34687066d10b515a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5539db4c0e808fb5b09e200db5600c980a51f1ca2161a2a8f61d94076fd48cc7_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:5d77d831b8791bb69b79b9943ac143db17a7a553032f1a4e1ea90b881bdbc384_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b47077680184e7f1aa63cd3a3bd59a8f641eb8d9d4ed3e12fa6dae308bb3aba0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c8ddf5f6c10f9a31137afb7f5939012ad88e9cca1172d980a5667bf62e37a01c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:db29aec91e8e935fe39fcb467b360b2fb32cd7f3c36f9d48572c4e4778f06ba7_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:08a189b04c0657aa4cd442e5cf53f2de029895cf99f8aef449349b8da7bc2951_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4969d7ca6f85df7baa2dbd4ed02924e7a0f42aa67aa622d7013a11a25cdad000_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7bc8c0edd2f1cf0ce2994d581ae78fbbac052347a01b2b1b712fc5786d89927c_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0b3943c5432acba57b45290a07077f7fe629e3aec85f78196ea53361a9068ea5_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4232396739855b28215ef0685614faac042db973a403ea80c5cd032d05b208b0_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8f184c626a84a645f9971f6c4ea0363a3e97ecc687fd753c46e5a5f21e3802d1_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c2e3453df971f050e4edf411be1c5ed898ea1ba1ce419d2f070d63acd21e202a_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ec39860ffcfc6c5b3d3aab9d5208a45a5a126e9769b5fd6a4fbfe3cb631b7650_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f3ec22fdb078e88634361a5b069340a076e24964526753fcbf754815c8278670_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13c3b7dffb0fbec9e67e754f19e04e593d9ed3ab3d73f3b23d55891d0118fec8_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a14bfa4d4cfcca3c6275db75498166955a59a104c6fee25a208114a9e0e53d4f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a18d2879c67d8dc059db6c5941221b19008564904d3662c942c571c9cd141b17_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:014ad6fad2d7a67d99ad964f8cd5898f6ca15de118b53c14d3ec22b3a040453f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8396da0eecd45faf3993826ae1c44827eff90f65b0088a2a4862a7e97cde01ac_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e16399d543e858ea20d34b8af668e9d9c5426cb29978391783a01b81b8f34039_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:71f9e99cafd293ceffe9980c7b9a3de1fb1f6dd63c2799d4f8bc648791d6fb67_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:eeec1e4168d4088bbb44142e8b3e1ec26bd6e74a3a9c496e91c8e54f1b98e14b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fb10a0839bb4764dce98df236a6954035c4377e190d777dc4b141e157b609181_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose-go: improper handling of highly compressed data"
}
]
}
GSD-2023-26144
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
**Note:** It was not proven that this vulnerability can crash the process.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-26144",
"id": "GSD-2023-26144"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-26144"
],
"details": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process.",
"id": "GSD-2023-26144",
"modified": "2023-12-13T01:20:53.463019Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2023-26144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "graphql",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.3.0",
"version_value": "16.8.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Tadhg Lewis"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-400",
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
},
{
"name": "https://github.com/graphql/graphql-js/pull/3972",
"refsource": "MISC",
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"name": "https://github.com/graphql/graphql-js/issues/3955",
"refsource": "MISC",
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"name": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"refsource": "MISC",
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"name": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"refsource": "MISC",
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:graphql:graphql:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "16.8.1",
"versionStartIncluding": "16.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:graphql:graphql:17.0.0:alpha2:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:graphql:graphql:17.0.0:alpha1:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2023-26144"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"name": "https://github.com/graphql/graphql-js/pull/3972",
"refsource": "MISC",
"tags": [
"Product"
],
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"name": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
},
{
"name": "https://github.com/graphql/graphql-js/issues/3955",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"name": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-09-22T14:05Z",
"publishedDate": "2023-09-20T05:15Z"
}
}
}
GHSA-9PV7-VFVM-6VR7
Vulnerability from github – Published: 2023-09-20 06:30 – Updated: 2023-09-21 17:03
VLAI?
Summary
graphql Uncontrolled Resource Consumption vulnerability
Details
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
Note: It was not proven that this vulnerability can crash the process.
Severity ?
5.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "graphql"
},
"ranges": [
{
"events": [
{
"introduced": "16.3.0"
},
{
"fixed": "16.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-26144"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2023-09-21T17:03:11Z",
"nvd_published_at": "2023-09-20T05:15:39Z",
"severity": "MODERATE"
},
"details": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\n\n**Note:** It was not proven that this vulnerability can crash the process.",
"id": "GHSA-9pv7-vfvm-6vr7",
"modified": "2023-09-21T17:03:11Z",
"published": "2023-09-20T06:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26144"
},
{
"type": "WEB",
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"type": "WEB",
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"type": "WEB",
"url": "https://github.com/graphql/graphql-js/commit/8f4c64eb6a7112a929ffeef00caa67529b3f2fcf"
},
{
"type": "PACKAGE",
"url": "https://github.com/graphql/graphql-js"
},
{
"type": "WEB",
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "graphql Uncontrolled Resource Consumption vulnerability"
}
FKIE_CVE-2023-26144
Vulnerability from fkie_nvd - Published: 2023-09-20 05:15 - Updated: 2024-11-21 07:50
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
**Note:** It was not proven that this vulnerability can crash the process.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:graphql:graphql:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "F350F09D-E2EC-454B-AE86-D1685AFDD9D2",
"versionEndExcluding": "16.8.1",
"versionStartIncluding": "16.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:graphql:graphql:17.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "37819AB7-A406-4FC1-BB34-C949848AF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:graphql:graphql:17.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "17EC77C2-6B00-4742-A98E-08874B982117",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process."
},
{
"lang": "es",
"value": "Las versiones del paquete graphql desde 16.3.0 y anteriores a 16.8.1 son vulnerables a la Denegaci\u00f3n de Servicio (DoS) debido a comprobaciones insuficientes en el archivo OverlappingFieldsCanBeMergedRule.ts al analizar consultas grandes. Esta vulnerabilidad permite a un atacante degradar el rendimiento del sistema. **Nota:** No se ha demostrado que esta vulnerabilidad pueda bloquear el proceso."
}
],
"id": "CVE-2023-26144",
"lastModified": "2024-11-21T07:50:52.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "report@snyk.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-20T05:15:39.923",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch"
],
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"source": "report@snyk.io",
"tags": [
"Product"
],
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"source": "report@snyk.io",
"tags": [
"Release Notes"
],
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/graphql/graphql-js/issues/3955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/graphql/graphql-js/pull/3972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "report@snyk.io",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…